CVE-2018-13844
7.5
HIGH
CVSS 3.1
EPSS 0.37%
Description
An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c. NOTE: This has been disputed with the assertion that this vulnerability exists in the test harness and HTSlib users would be aware of the need to destruct this object returned by fai_load() in their own code
How to fix CVE-2018-13844
To remediate CVE-2018-13844, upgrade the affected package to a fixed version below.
- Debian/htslib—upgrade to 1.9-2 or later
Is CVE-2018-13844 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.9-2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |