Home > Vulnerability Database > CVE-2018-13844

Mend.io Vulnerability Database

CVE-2018-13844

Date: July 10, 2018

An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c. NOTE: This has been disputed with the assertion that this vulnerability exists in the test harness and HTSlib users would be aware of the need to destruct this object returned by fai_load() in their own code

Language: C

Severity Score

7.5

Related Resources (3)

Url: https://github.com/samtools/htslib/issues/731#issuecomment-403675330

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-13844

Url: https://www.mend.io/vulnerability-database/CVE-2018-13844

Severity Score

7.5

Weakness Type (CWE)

Resource Management Errors

CWE-399

Missing Release of Memory after Effective Lifetime

CWE-401

Missing Release of Resource after Effective Lifetime

CWE-772

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-13844

Date: July 10, 2018

Language: C

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?