Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Libyang
(Cesnet)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 17 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-01-22 | CVE-2019-20391 | An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to parse untrusted input yang files may crash. | Libyang | 6.5 | ||
| 2020-01-22 | CVE-2019-20392 | An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash. | Libyang | 6.5 | ||
| 2020-01-22 | CVE-2019-20393 | A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution. | Libyang | 8.8 | ||
| 2020-01-22 | CVE-2019-20394 | A double-free is present in libyang before v1.0-r3 in the function yyparse() when a type statement in used in a notification statement. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution. | Libyang | 8.8 | ||
| 2020-01-22 | CVE-2019-20395 | A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash. | Libyang | 6.5 | ||
| 2020-01-22 | CVE-2019-20396 | A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing. | Libyang | 6.5 | ||
| 2020-01-22 | CVE-2019-20397 | A double-free is present in libyang before v1.0-r1 in the function yyparse() when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution. | Libyang | 8.8 |