CVE-2018-13844 - OpenCVE

An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c. NOTE: This has been disputed with the assertion that this vulnerability exists in the test harness and HTSlib users would be aware of the need to destruct this object returned by fai_load() in their own code

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Htslib	Htslib

Configuration 1 [-]

cpe:2.3:a:htslib:htslib:1.8:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/samtools/htslib/issues/731#issuecomment-403675330	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-07-10T18:00:00

Updated: 2021-08-13T13:42:36

Reserved: 2018-07-10T00:00:00

Link: CVE-2018-13844

JSON object: View

NVD Information

Status : Modified

Published: 2018-07-10T18:29:00.467

Modified: 2024-05-17T01:23:42.313

Link: CVE-2018-13844

JSON object: View

Redhat Information

No data.

CWE

CWE-401

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:htslib:htslib:1.8:*:*:*:*:*:*:*", "matchCriteriaId": "CE46DC92-5339-441A-95B3-BBBE0910C816", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c. NOTE: This has been disputed with the assertion that this vulnerability exists in the test harness and HTSlib users would be aware of the need to destruct this object returned by fai_load() in their own code"}, {"lang": "es", "value": "** EN DISPUTA ** Se ha detectado un problema en HTSlib en la versi\u00f3n 1.8. Es una p\u00e9rdida de memoria en fai_read en faidx.c. NOTA: Esto ha sido cuestionado con la afirmaci\u00f3n de que esta vulnerabilidad existe en el harness de prueba y los usuarios de HTSlib ser\u00edan conscientes de la necesidad de destruir este objeto devuelto por fai_load () en su propio c\u00f3digo."}], "id": "CVE-2018-13844", "lastModified": "2024-05-17T01:23:42.313", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-10T18:29:00.467", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/samtools/htslib/issues/731#issuecomment-403675330"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}