Cesnet Libyang 0.14 R1

CPE Details

Cesnet Libyang 0.14 R1
cesnet
libyang
0.14
2019-12-16
19h03 +00:00
2019-12-16
19h03 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:cesnet:libyang:0.14:r1:*:*:*:*:*:*

Informations

Vendor

cesnet

Product

libyang

Version

0.14

Update

r1

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2021-28906 2021-05-20 16h36 +00:00 In function read_yin_leaf() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash.
7.5
Haute
CVE-2021-28905 2021-05-20 16h36 +00:00 In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL. But in some cases, node->module can be null, which triggers a reachable assertion (CWE-617).
7.5
Haute
CVE-2021-28904 2021-05-20 16h36 +00:00 In function ext_get_plugin() in libyang <= v1.0.225, it doesn't check whether the value of revision is NULL. If revision is NULL, the operation of strcmp(revision, ext_plugins[u].revision) will lead to a crash.
7.5
Haute
CVE-2021-28903 2021-05-20 16h36 +00:00 A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). lyxml_parse_elem() function will be called recursively, which will consume stack space and lead to crash.
7.5
Haute
CVE-2021-28902 2021-05-20 16h36 +00:00 In function read_yin_container() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash.
7.5
Haute
CVE-2019-20391 2020-01-21 23h00 +00:00 An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to parse untrusted input yang files may crash.
6.5
Moyen
CVE-2019-20392 2020-01-21 23h00 +00:00 An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash.
6.5
Moyen
CVE-2019-20393 2020-01-21 23h00 +00:00 A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.
8.8
Haute
CVE-2019-20394 2020-01-21 23h00 +00:00 A double-free is present in libyang before v1.0-r3 in the function yyparse() when a type statement in used in a notification statement. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.
8.8
Haute
CVE-2019-20395 2020-01-21 23h00 +00:00 A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash.
6.5
Moyen
CVE-2019-20396 2020-01-21 23h00 +00:00 A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing.
6.5
Moyen
CVE-2019-20397 2020-01-21 23h00 +00:00 A double-free is present in libyang before v1.0-r1 in the function yyparse() when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.
8.8
Haute
CVE-2019-20398 2020-01-21 23h00 +00:00 A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash.
6.5
Moyen
CVE-2019-19334 2019-12-06 14h22 +00:00 In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.
9.8
Critique
CVE-2019-19333 2019-12-06 14h19 +00:00 In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.
9.8
Critique
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.