49 matches found
PYSEC-2020-187
A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash...
PYSEC-2020-168
A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash...
PYSEC-2020-185
A double-free is present in libyang before v1.0-r1 in the function yyparse when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution...
PYSEC-2020-169
A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lysparsepath parsing...
PYSEC-2020-190
A NULL pointer dereference is present in libyang before v1.0-r3 in the function lysextensioninstancesfree due to a copy of unresolved extensions in lysrestrdup. Applications that use libyang to parse untrusted input yang files may crash...
PYSEC-2020-186
A double-free is present in libyang before v1.0-r3 in the function yyparse when a type statement in used in a notification statement. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution...
CVE-2019-19333
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of...
PYSEC-2019-101
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a...
CVE-2019-19333
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of...