CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-26917
https://notcve.org/view.php?id=CVE-2023-26917
libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lysp_stmt_validate_value at lys_parse_mem.c. • https://github.com/CESNET/libyang/issues/1987 • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-26916
https://notcve.org/view.php?id=CVE-2023-26916
libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c. • https://github.com/CESNET/libyang/issues/1979 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6NQZHCJG3SBMFOQNIPRZGKDK3ARHLTTB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2VWGCMYKQH4BTFEHX5VYEXXOPIKKFHS • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-28906
https://notcve.org/view.php?id=CVE-2021-28906
In function read_yin_leaf() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash. En la función read_yin_leaf() en libyang versiones anteriores a v1.0.225 incluyéndola, no comprueba si el valor de retval-)ext [r] es NULL. En algunos casos, puede ser NULL, lo que conlleva a la operación de retval-)ext[r]-)flags que resulta en un bloqueo • https://github.com/CESNET/libyang/issues/1455 https://security.gentoo.org/glsa/202107-54 • CWE-252: Unchecked Return Value •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-28905
https://notcve.org/view.php?id=CVE-2021-28905
In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL. But in some cases, node->module can be null, which triggers a reachable assertion (CWE-617). En la función lys_node_free() en libyang versiones anteriores a v1.0.225 incluyéndola, afirma que el valor de node-)module no puede ser NULL. Pero en algunos casos, node-) module puede ser nulo, lo que desencadena una aserción alcanzable (CWE-617) • https://github.com/CESNET/libyang/issues/1452 https://security.gentoo.org/glsa/202107-54 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-28904
https://notcve.org/view.php?id=CVE-2021-28904
In function ext_get_plugin() in libyang <= v1.0.225, it doesn't check whether the value of revision is NULL. If revision is NULL, the operation of strcmp(revision, ext_plugins[u].revision) will lead to a crash. En la función ext_get_plugin() en libyang versiones anteriores a v1.0.225 incluyéndola, no comprueba si el valor de la revisión es NULL. Si la revisión es NULL, la operación de strcmp (revisión, ext_plugins[u] .revision) provocará un bloqueo • https://github.com/CESNET/libyang/issues/1451 https://security.gentoo.org/glsa/202107-54 • CWE-252: Unchecked Return Value •