
CVE-2019-20396
https://notcve.org/view.php?id=CVE-2019-20396
22 Jan 2020 — A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing. • https://github.com/CESNET/libyang/commit/a1f17693904ed6fecc8902c747fc50a8f20e6af8 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2019-20397
https://notcve.org/view.php?id=CVE-2019-20397
22 Jan 2020 — A double-free is present in libyang before v1.0-r1 in the function yyparse() when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution. • https://bugzilla.redhat.com/show_bug.cgi?id=1793928 • CWE-415: Double Free

CVE-2019-20398
https://notcve.org/view.php?id=CVE-2019-20398
22 Jan 2020 — A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash. • https://bugzilla.redhat.com/show_bug.cgi?id=1793935 • CWE-476: NULL Pointer Dereference

CVE-2019-19334 – libyang: stack-based buffer overflow in make_canonical when identityref leaf type is used
https://notcve.org/view.php?id=CVE-2019-19334
06 Dec 2019 — In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution. • https://access.redhat.com/errata/RHSA-2019:4360 • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write

CVE-2019-19333 – libyang: stack-based buffer overflow in make_canonical when bits leaf type is used
https://notcve.org/view.php?id=CVE-2019-19333
06 Dec 2019 — In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution. • https://access.redhat.com/errata/RHSA-2019:4360 • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write