52 matches found
PT-2020-1238 · Libyang · Libyang
Name of the Vulnerable Software and Affected Versions: libyang versions prior to v1.0-r3 Description: A double-free issue is present in the yyparse function when a type statement is used in a notification statement. This affects applications that use libyang to parse untrusted input yang files,...
PT-2020-1240 · Libyang · Libyang
Name of the Vulnerable Software and Affected Versions: libyang versions prior to v1.0-r1 Description: A segmentation fault is present in yyparse due to a malformed pattern statement value during lys_parse_path parsing. Recommendations: For versions prior to v1.0-r1, update to v1.0-r1 or later to...
PT-2020-1241 · Libyang · Libyang
Name of the Vulnerable Software and Affected Versions: libyang versions prior to v1.0-r1 Description: A double-free issue is present in the yyparse function when an organization field is not terminated, potentially causing a crash or code execution. This affects applications that use libyang to...
CVE-2019-20394
A double-free is present in libyang before v1.0-r3 in the function yyparse when a type statement is used in a notification statement. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution...
mruby:mruby_fuzzer: Crash in local_add_lv
Project: https://github.com/mruby/mruby.git Detailed Report: https://oss-fuzz.com/testcase?key=5695723449876480 Project: mruby Fuzzing Engine: libFuzzer Fuzz Target: mruby_fuzzer Job Type: libfuzzer_asan_mruby Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x000000003809 Crash State:...
PT-2019-1107 · Libyang · Libyang
Name of the Vulnerable Software and Affected Versions: libyang versions prior to v1.0-r1 Description: A double-free issue is present in the yyparse function when an empty description is used, potentially causing a crash or code execution. This issue affects applications that use libyang to parse...
CVE-2018-17072
JSON++ through 2016-06-15 has a buffer over-read in yyparse in json.y...
CVE-2018-17072
The CVE-2018-17072 entry concerns JSON++ up to 2016-06-15 with a buffer over-read in yyparse() inside json.y. Affected component: the json.y parser within JSON++. Root cause: buffer over-read during parsing. Impact and exploitability details are not expanded beyond what the description states, bu...
CVE-2017-5923
libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted rule that is mishandled in the yara_yyparse function...
PT-2017-16760
Name of the Vulnerable Software and Affected Versions: YARA version 3.5.0 Description: The issue allows remote attackers to cause a denial of service, resulting in a heap-based out-of-bounds read and application crash. This occurs when a crafted rule is mishandled in the yara_yyparse function...