Published: 30 November 2018
cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak.
CVSS 3 base score: 8.8
This CVE may be disputed by upstream. From issue #120: "The bug report is apparently incorrect and the ASAN output looks like a premature exit without cleanup on an error in the caller, not the library." Ignoring this CVE