Lucene search

Ubuntu.comUB:CVE-2018-13844

HistoryJul 10, 2018 - 12:00 a.m.

CVE-2018-13844

2018-07-1000:00:00

ubuntu.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

44.7%

JSON

DISPUTED An issue has been found in HTSlib 1.8. It is a memory leak
in fai_read in faidx.c. NOTE: This has been disputed with the assertion
that this vulnerability exists in the test harness and HTSlib users would
be aware of the need to destruct this object returned by fai_load() in
their own code.

Notes

Author	Note
ebarretto	Fix was done in test code. Since the test is only available in htslib >= 1.8, then marking as not affected in earlier versions of htslib

References

github.com/samtools/htslib/issues/731#issuecomment-403675330

launchpad.net/bugs/cve/CVE-2018-13844

nvd.nist.gov/vuln/detail/CVE-2018-13844

security-tracker.debian.org/tracker/CVE-2018-13844

www.cve.org/CVERecord?id=CVE-2018-13844

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

44.7%

JSON

Related for UB:CVE-2018-13844