CVE-2019-19334
06.12.2019, 16:15
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.Enginsight
| Vendor | Product | Version |
|---|---|---|
| cesnet | libyang | 0.11:r1 |
| cesnet | libyang | 0.11:r2 |
| cesnet | libyang | 0.12:r1 |
| cesnet | libyang | 0.12:r2 |
| cesnet | libyang | 0.13:r1 |
| cesnet | libyang | 0.13:r2 |
| cesnet | libyang | 0.14:r1 |
| cesnet | libyang | 0.15:r1 |
| cesnet | libyang | 0.16:r1 |
| cesnet | libyang | 0.16:r2 |
| cesnet | libyang | 0.16:r3 |
| cesnet | libyang | 1.0:r1 |
| cesnet | libyang | 1.0:r2 |
| cesnet | libyang | 1.0:r3 |
| cesnet | libyang | 1.0:r4 |
| redhat | enterprise_linux | 8.0 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Common Weakness Enumeration
- CWE-121 - Stack-based Buffer OverflowA stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.
References