Latest cesnet libyang Vulnerabilities

CVE-2023-26917
libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lysp_stmt_validate_value at lys_parse_mem.c.
Cesnet Libyang>=2.0.164<=2.1.30
CVE-2023-26916
Cesnet Libyang>=2.0.164<=2.1.30
Fedoraproject Fedora=36
Fedoraproject Fedora=37
CVE-2021-28902
In function read_yin_container() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->fl...
Cesnet Libyang<=1.0.225
CVE-2021-28906
In function read_yin_leaf() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags t...
Cesnet Libyang<=1.0.225
CVE-2021-28905
In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL. But in some cases, node->module can be null, which triggers a reachable assertion (CWE-617)...
Cesnet Libyang<=1.0.225
CVE-2021-28903
A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). lyxml_parse_elem() function will be called recursively, which will consume stack space and lea...
Cesnet Libyang<=1.0.225
CVE-2019-20396
A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing.
Cesnet Libyang=0.11-r1
Cesnet Libyang=0.11-r2
Cesnet Libyang=0.12-r1
Cesnet Libyang=0.12-r2
Cesnet Libyang=0.13-r1
Cesnet Libyang=0.13-r2
and 5 more
CVE-2019-20398
A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang ...
Cesnet Libyang=0.11-r1
Cesnet Libyang=0.11-r2
Cesnet Libyang=0.12-r1
Cesnet Libyang=0.12-r2
Cesnet Libyang=0.13-r1
Cesnet Libyang=0.13-r2
and 8 more
CVE-2019-20391
An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to parse unt...
Cesnet Libyang=0.11-r1
Cesnet Libyang=0.11-r2
Cesnet Libyang=0.12-r1
Cesnet Libyang=0.12-r2
Cesnet Libyang=0.13-r1
Cesnet Libyang=0.13-r2
and 7 more
CVE-2019-20394
A double-free is present in libyang before v1.0-r3 in the function yyparse() when a type statement in used in a notification statement. Applications that use libyang to parse untrusted input yang file...
Cesnet Libyang=0.11-r1
Cesnet Libyang=0.11-r2
Cesnet Libyang=0.12-r1
Cesnet Libyang=0.12-r2
Cesnet Libyang=0.13-r1
Cesnet Libyang=0.13-r2
and 8 more
CVE-2019-20393
A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to t...
Cesnet Libyang=0.11-r1
Cesnet Libyang=0.11-r2
Cesnet Libyang=0.12-r1
Cesnet Libyang=0.12-r2
Cesnet Libyang=0.13-r1
Cesnet Libyang=0.13-r2
and 6 more
CVE-2019-20397
A double-free is present in libyang before v1.0-r1 in the function yyparse() when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vuln...
Cesnet Libyang=0.11-r1
Cesnet Libyang=0.11-r2
Cesnet Libyang=0.12-r1
Cesnet Libyang=0.12-r2
Cesnet Libyang=0.13-r1
Cesnet Libyang=0.13-r2
and 5 more
CVE-2019-20395
A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash.
Cesnet Libyang=0.11-r1
Cesnet Libyang=0.11-r2
Cesnet Libyang=0.12-r1
Cesnet Libyang=0.12-r2
Cesnet Libyang=0.13-r1
Cesnet Libyang=0.13-r2
and 5 more
CVE-2019-20392
An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defi...
Cesnet Libyang=0.11-r1
Cesnet Libyang=0.11-r2
Cesnet Libyang=0.12-r1
Cesnet Libyang=0.12-r2
Cesnet Libyang=0.13-r1
Cesnet Libyang=0.13-r2
and 5 more
CVE-2019-19334
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse...
Cesnet Libyang=0.11-r1
Cesnet Libyang=0.11-r2
Cesnet Libyang=0.12-r1
Cesnet Libyang=0.12-r2
Cesnet Libyang=0.13-r1
Cesnet Libyang=0.13-r2
and 12 more
CVE-2019-19333
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrus...
Cesnet Libyang=0.11-r1
Cesnet Libyang=0.11-r2
Cesnet Libyang=0.12-r1
Cesnet Libyang=0.12-r2
Cesnet Libyang=0.13-r1
Cesnet Libyang=0.13-r2
and 11 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203