CVE-2018-13844

EUVD-2018-5780
An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c. NOTE: This has been disputed with the assertion that this vulnerability exists in the test harness and HTSlib users would be aware of the need to destruct this object returned by fai_load() in their own code
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
Affected Products (NVD)
VendorProductVersion
htslibhtslib
1.8
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
htslib
bookworm
1.16+ds-3
fixed
bullseye
1.11-4
fixed
jessie
no-dsa
sid
1.20+ds-2
fixed
stretch
no-dsa
trixie
1.20+ds-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
htslib
artful
ignored
bionic
not-affected
cosmic
not-affected
disco
not-affected
trusty
not-affected
xenial
not-affected
Common Weakness Enumeration
References
https://github.com/samtools/htslib/issues/731#issuecomment-403675330
https://github.com/samtools/htslib/issues/731#issuecomment-403675330