libyang: invalid memory access in resolve_feature_value() when a if-feature is used inside a bit

An invalid memory access flaw occurs in libyang in the function resolvefeaturevalue when an if-feature statement is used inside a bit. Applications that use libyang to process untrusted input YANG files may crash...

libyang buffer overflow vulnerability (CNVD-2020-10242)

libyang is a YANG data modeling language parser and toolkit written in C. It can be used as a toolkit for data modeling. A buffer overflow vulnerability exists in the 'resolvefeaturevalue' function in versions of libyang prior to 1.0-r1. An attacker can exploit this vulnerability to cause the...

libyang buffer overflow vulnerability (CNVD-2020-10243)

libyang is a YANG data modeling language parser and toolkit written in C. It can be used as a toolkit for data modeling. A buffer overflow vulnerability exists in the 'resolvefeaturevalue' function in versions prior to libyang v1.0-r3. An attacker can exploit this vulnerability to cause the...

PYSEC-2020-164

An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolvefeaturevalue when an if-feature statement is used inside a bit. Applications that use libyang to parse untrusted input yang files may crash...

UBUNTU-CVE-2019-20391

An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolvefeaturevalue when an if-feature statement is used inside a bit. Applications that use libyang to parse untrusted input yang files may crash...

Design/Logic Flaw

An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolvefeaturevalue when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash...

PT-2020-1237 · Libyang · Libyang

Name of the Vulnerable Software and Affected Versions: libyang versions prior to 1.0-r1 Description: An invalid memory access flaw is present in the function resolve feature value when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that u...

CVE-2019-20392

An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolvefeaturevalue when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash...