CVE List

CVE-2019-19333

Severe 9.8

In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.

Published December 6, 2019.

Affected software

Get alerts for Redhat Enterprise Linux

Reference links