CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 0CVE-2019-19334 – libyang: stack-based buffer overflow in make_canonical when identityref leaf type is used
https://notcve.org/view.php?id=CVE-2019-19334
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution. En todas las versiones de libyang anteriores a 1.0-r5, se detectó un desbordamiento del búfer en la región heap de la memoria en la manera en que libyang analiza los archivos YANG con una hoja de tipo "identityref". Una aplicación que usa libyang para analizar archivos YANG no confiables puede ser vulnerable a este fallo, lo que permitiría a un atacante causar una denegación de servicio o posiblemente conseguir la ejecución de código. A stack-based buffer overflow flaw was discovered in the way libyang parses YANG files with a leaf of type "identityref". • https://access.redhat.com/errata/RHSA-2019:4360 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19334 https://github.com/CESNET/libyang/commit/6980afae2ff9fcd6d67508b0a3f694d75fd059d6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PETB6TVMFV5KUD4IKVP2JPLBCYHUGSAJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RL54JMS7XW7PI6JC4BFSNNLSX5AINQUL https://access.redhat.com/security/cve/CVE-2019-19334 https://bugzilla.redhat.com/show_bug.c • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 0CVE-2019-19333 – libyang: stack-based buffer overflow in make_canonical when bits leaf type is used
https://notcve.org/view.php?id=CVE-2019-19333
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution. En todas las versiones de libyang anteriores a 1.0-r5, se detectó un desbordamiento del búfer en la región heap de la memoria en la manera en que libyang analiza los archivos YANG con una hoja de tipo "bits". Una aplicación que usa libyang para analizar archivos YANG no confiables puede ser vulnerable a este fallo, lo que permitiría a un atacante causar una denegación de servicio o posiblemente conseguir la ejecución de código. A stack-based buffer overflow flaw was discovered in the way libyang parses YANG files with a leaf of type "bits". • https://access.redhat.com/errata/RHSA-2019:4360 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19333 https://github.com/CESNET/libyang/commit/f6d684ade99dd37b21babaa8a856f64faa1e2e0d https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PETB6TVMFV5KUD4IKVP2JPLBCYHUGSAJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RL54JMS7XW7PI6JC4BFSNNLSX5AINQUL https://access.redhat.com/security/cve/CVE-2019-19333 https://bugzilla.redhat.com/show_bug.c • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •