Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Libyang Security Vulnerabilities

cve
cve

CVE-2019-19333

In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of s...

9.8CVSS

9.7AI Score

0.004EPSS

2019-12-06 04:15 PM
102
cve
cve

CVE-2019-19334

In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a deni...

9.8CVSS

9.7AI Score

0.003EPSS

2019-12-06 04:15 PM
60
cve
cve

CVE-2019-20391

An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to parse untrusted input yang files may crash.

6.5CVSS

6.4AI Score

0.003EPSS

2020-01-22 10:15 PM
78
cve
cve

CVE-2019-20392

An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash.

6.5CVSS

6.4AI Score

0.003EPSS

2020-01-22 10:15 PM
56
cve
cve

CVE-2019-20393

A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.

8.8CVSS

8.5AI Score

0.008EPSS

2020-01-22 10:15 PM
61
cve
cve

CVE-2019-20394

A double-free is present in libyang before v1.0-r3 in the function yyparse() when a type statement in used in a notification statement. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.

8.8CVSS

8.5AI Score

0.008EPSS

2020-01-22 10:15 PM
60
cve
cve

CVE-2019-20395

A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash.

6.5CVSS

6.3AI Score

0.004EPSS

2020-01-22 10:15 PM
63
cve
cve

CVE-2019-20396

A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing.

6.5CVSS

6.4AI Score

0.003EPSS

2020-01-22 10:15 PM
67
cve
cve

CVE-2019-20397

A double-free is present in libyang before v1.0-r1 in the function yyparse() when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.

8.8CVSS

8.6AI Score

0.004EPSS

2020-01-22 10:15 PM
62
cve
cve

CVE-2019-20398

A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash.

6.5CVSS

6.4AI Score

0.003EPSS

2020-01-22 10:15 PM
67
cve
cve

CVE-2021-28902

In function read_yin_container() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash.

7.5CVSS

7.2AI Score

0.001EPSS

2021-05-20 07:15 PM
89
8
cve
cve

CVE-2021-28903

A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). lyxml_parse_elem() function will be called recursively, which will consume stack space and lead to crash.

7.5CVSS

7.3AI Score

0.001EPSS

2021-05-20 07:15 PM
87
11
cve
cve

CVE-2021-28904

In function ext_get_plugin() in libyang <= v1.0.225, it doesn't check whether the value of revision is NULL. If revision is NULL, the operation of strcmp(revision, ext_plugins[u].revision) will lead to a crash.

7.5CVSS

7.2AI Score

0.001EPSS

2021-05-20 07:15 PM
92
6
cve
cve

CVE-2021-28905

In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL. But in some cases, node->module can be null, which triggers a reachable assertion (CWE-617).

7.5CVSS

7.2AI Score

0.001EPSS

2021-05-20 07:15 PM
83
8
cve
cve

CVE-2021-28906

In function read_yin_leaf() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash.

7.5CVSS

7.2AI Score

0.001EPSS

2021-05-20 07:15 PM
88
7
cve
cve

CVE-2023-26916

libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c.

5.3CVSS

5.4AI Score

0.001EPSS

2023-04-03 10:15 PM
32
cve
cve

CVE-2023-26917

libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lysp_stmt_validate_value at lys_parse_mem.c.

7.5CVSS

7.4AI Score

0.001EPSS

2023-04-11 12:15 PM
32