First published: Mon Apr 03 2023(Updated: )
libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Cesnet Libyang | >=2.0.164<=2.1.30 | |
Fedoraproject Fedora | =36 | |
Fedoraproject Fedora | =37 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-26916 is a vulnerability in libyang from version 2.0.164 to version 2.1.30 that can result in a NULL pointer dereference.
CVE-2023-26916 has a severity rating of medium, with a CVSS score of 5.3.
Cesnet Libyang versions 2.0.164 to 2.1.30, Fedora 36, and Fedora 37 are affected by CVE-2023-26916.
CVE-2023-26916 is associated with CWE ID 476.
To fix CVE-2023-26916, users should update their libyang software to a version that has the patch for the vulnerability.