CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

Security update for libyang

This update for libyang fixes the following issues CVE-2026-41401: use-after-free in lydparsersetdataflags when processing crafted YANG XML documents with specific metadata attributes bsc1266316. CVE-2026-44673: integer overflow in lybreadstring of src/parserlyb.c leads to heap buffer overflow wh...

9.2CVSS5.7AI score0.00068EPSS

Exploits0References8

SUSE Linux•added 4 days ago•4 views

Security update for libyang

9.2CVSS5.7AI score0.00068EPSS

Exploits0References8

RedHat Linux•added 5 days ago•8 views

libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob

A flaw was found in libyang, a YANG data modeling language library. An integer overflow in the lybreadstring function can lead to a heap buffer overflow when parsing a maliciously crafted LYB binary blob. A remote attacker, by supplying this malicious LYB data to any libyang consumer such as a...

7.5CVSS6.4AI score0.00068EPSS

Exploits0References5

Snyk•added 2026/05/14 11:28 p.m.•7 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound through the lybreadstring function in src/parserlyb.c when parsing a specially crafted LYB binary blob. An attacker can cause a crash or corrupt the heap by supplying malicious LYB data to a consumer of th...

8.7CVSS5.8AI score0.00068EPSS

Exploits0References2

OSV•added 2026/05/14 9:16 p.m.•6 views

UBUNTU-CVE-2026-44673

libyang is a YANG data modeling language library. Prior to SO 5.2.15, lybreadstring in src/parserlyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciously crafted LYB binary blob. An attacker who can supply LYB data to any libyang consumer NETCONF server...

7.5CVSS6AI score0.00068EPSS

Exploits0References3