CVE-2018-13844

August 13, 2021

** DISPUTED ** An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c. NOTE: This has been disputed with the assertion that this vulnerability exists in the test harness and HTSlib users would be aware of the need to destruct this object returned by fai_load() in their own code.

Summary:

** DISPUTED ** An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c. NOTE: This has been disputed with the assertion that this vulnerability exists in the test harness and HTSlib users would be aware of the need to destruct this object returned by fai_load() in their own code.

Reference Links(if available):

  • https://github.com/samtools/htslib/issues/731#issuecomment-403675330

  • CVSS Score (if available)

    v2: / MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P

    v3: / HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    cybersecurity

    Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

    April 23, 2024
    image

    CACTUS Ransomware Victim: https://www[.]ebir[.]com/

    April 23, 2024
    image

    CACTUS Ransomware Victim: https://www[.]concordegroup[.]ca/

    April 23, 2024
    image

    CACTUS Ransomware Victim: https://www[.]coastalcargogroup[.]com/

    April 23, 2024
    image

    CACTUS Ransomware Victim: https://www[.]saglobal[.]com/

    April 23, 2024