9 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-20392
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolvefeaturevalue when an if-feature statement is used inside a list key...
SUSE CVE-2019-20391
An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolvefeaturevalue when an if-feature statement is used inside a bit. Applications that use libyang to parse untrusted input yang files may crash...
libyang: heap-based buffer over-read in function lys_type_free() due to malformed pattern
A heap-based buffer over-read flaw occurs in libyang in function lystypefree due to a malformed pattern statement value. Applications that use libyang to process untrusted input yang files may be vulnerable to this flaw, possibly causing a crash or information leaks...
UBUNTU-CVE-2019-20398
A NULL pointer dereference is present in libyang before v1.0-r3 in the function lysextensioninstancesfree due to a copy of unresolved extensions in lysrestrdup. Applications that use libyang to parse untrusted input yang files may crash...
UBUNTU-CVE-2019-20397
A double-free is present in libyang before v1.0-r1 in the function yyparse when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution...
UBUNTU-CVE-2019-20395
A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash...
UBUNTU-CVE-2019-20393
A double-free is present in libyang before v1.0-r1 in the function yyparse when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution...
UBUNTU-CVE-2019-20391
An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolvefeaturevalue when an if-feature statement is used inside a bit. Applications that use libyang to parse untrusted input yang files may crash...
PT-2020-1237 · Libyang · Libyang
Name of the Vulnerable Software and Affected Versions: libyang versions prior to 1.0-r1 Description: An invalid memory access flaw is present in the function resolve feature value when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that u...