CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-26917
https://notcve.org/view.php?id=CVE-2023-26917
11 Apr 2023 — libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lysp_stmt_validate_value at lys_parse_mem.c. • https://github.com/CESNET/libyang/issues/1987 • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-26916
https://notcve.org/view.php?id=CVE-2023-26916
03 Apr 2023 — libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c. • https://github.com/CESNET/libyang/issues/1979 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-28906 – Gentoo Linux Security Advisory 202107-54
https://notcve.org/view.php?id=CVE-2021-28906
20 May 2021 — In function read_yin_leaf() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash. En la función read_yin_leaf() en libyang versiones anteriores a v1.0.225 incluyéndola, no comprueba si el valor de retval-)ext [r] es NULL. En algunos casos, puede ser NULL, lo que conlleva a la operación de retval-)ext[r]-)flags que resulta en un bloqueo An update that fixes four v... • https://github.com/CESNET/libyang/issues/1455 • CWE-252: Unchecked Return Value •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-28905 – Gentoo Linux Security Advisory 202107-54
https://notcve.org/view.php?id=CVE-2021-28905
20 May 2021 — In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL. But in some cases, node->module can be null, which triggers a reachable assertion (CWE-617). En la función lys_node_free() en libyang versiones anteriores a v1.0.225 incluyéndola, afirma que el valor de node-)module no puede ser NULL. Pero en algunos casos, node-) module puede ser nulo, lo que desencadena una aserción alcanzable (CWE-617) An update that fixes one vulnerability is now available. ... • https://github.com/CESNET/libyang/issues/1452 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-28904 – Gentoo Linux Security Advisory 202107-54
https://notcve.org/view.php?id=CVE-2021-28904
20 May 2021 — In function ext_get_plugin() in libyang <= v1.0.225, it doesn't check whether the value of revision is NULL. If revision is NULL, the operation of strcmp(revision, ext_plugins[u].revision) will lead to a crash. En la función ext_get_plugin() en libyang versiones anteriores a v1.0.225 incluyéndola, no comprueba si el valor de la revisión es NULL. Si la revisión es NULL, la operación de strcmp (revisión, ext_plugins[u] .revision) provocará un bloqueo An update that fixes four vulnerabilities is now avail... • https://github.com/CESNET/libyang/issues/1451 • CWE-252: Unchecked Return Value •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-28903 – Gentoo Linux Security Advisory 202107-54
https://notcve.org/view.php?id=CVE-2021-28903
20 May 2021 — A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). lyxml_parse_elem() function will be called recursively, which will consume stack space and lead to crash. Un desbordamiento de pila en libyang versiones anteriores a v1.0.225 incluyéndola, puede causar una denegación de servicio por medio de la función lyxml_parse_mem(). La función lyxml_parse_elem() será llamada de forma recursiva, lo que consumirá espacio en la pila y conllevará a un bloqueo An u... • https://github.com/CESNET/libyang/issues/1453 • CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-28902 – Gentoo Linux Security Advisory 202107-54
https://notcve.org/view.php?id=CVE-2021-28902
20 May 2021 — In function read_yin_container() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash. En la función read_yin_container() en libyang versiones anteriores a v1.0.225 incluyéndola, no comprueba si el valor de retval-)ext[r] es NULL. En algunos casos, puede ser NULL, lo que conlleva a una operación de retval-)ext [r]-)flags que resulta en un bloqueo An update that f... • https://github.com/CESNET/libyang/issues/1454 • CWE-252: Unchecked Return Value •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 1CVE-2019-20398
https://notcve.org/view.php?id=CVE-2019-20398
22 Jan 2020 — A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash. Una desreferencia del puntero NULL está presente en libyang versiones anteriores a v1.0-r3, en la función lys_extension_instances_free() debido a una copia de extensiones no resuelta en la función lys_restr_dup(). Las aplicaciones que usan libyang para analizar arc... • https://bugzilla.redhat.com/show_bug.cgi?id=1793935 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 1CVE-2019-20391
https://notcve.org/view.php?id=CVE-2019-20391
22 Jan 2020 — An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to parse untrusted input yang files may crash. Un fallo de acceso a memoria no válida está presente en libyang versiones anteriores a v1.0-r3, en la función resolve_feature_value() cuando es usada una sentencia if-feature dentro de un bit. Las aplicaciones que usan libyang para analizar archivos de entrada yang no confiabl... • https://bugzilla.redhat.com/show_bug.cgi?id=1793934 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 1CVE-2019-20392
https://notcve.org/view.php?id=CVE-2019-20392
22 Jan 2020 — An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash. Un fallo de acceso a memoria no válida está presente en libyang versiones anteriores a v1.0-r1, en la función resolve_feature_value() cuando es usada una sentencia if-feature dentro de un nodo de clave de lista, y la característic... • https://bugzilla.redhat.com/show_bug.cgi?id=1793922 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •