CVE-2018-13844

{"id": "CVE-2018-13844", "cveTags": [{"tags": ["disputed"], "sourceIdentifier": "cve@mitre.org"}], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-07-10T18:29:00.467", "references": [{"url": "https://github.com/samtools/htslib/issues/731#issuecomment-403675330", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/samtools/htslib/issues/731#issuecomment-403675330", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c. NOTE: This has been disputed with the assertion that this vulnerability exists in the test harness and HTSlib users would be aware of the need to destruct this object returned by fai_load() in their own code"}, {"lang": "es", "value": "** EN DISPUTA ** Se ha detectado un problema en HTSlib en la versi\u00f3n 1.8. Es una p\u00e9rdida de memoria en fai_read en faidx.c. NOTA: Esto ha sido cuestionado con la afirmaci\u00f3n de que esta vulnerabilidad existe en el harness de prueba y los usuarios de HTSlib ser\u00edan conscientes de la necesidad de destruir este objeto devuelto por fai_load () en su propio c\u00f3digo."}], "lastModified": "2024-11-21T03:48:10.793", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:htslib:htslib:1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE46DC92-5339-441A-95B3-BBBE0910C816"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}