Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libyang vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-26917
libyang from v2.0.164 to v2.1.30 exists to contain a NULL pointer dereference via the function lysp_stmt_validate_value at lys_parse_mem.c.
Cesnet Libyang
NA
CVE-2023-26916
libyang from v2.0.164 to v2.1.30 exists to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c.
Cesnet Libyang
Fedoraproject Fedora 36
Fedoraproject Fedora 37
5
CVSSv2
CVE-2021-28904
In function ext_get_plugin() in libyang <= v1.0.225, it doesn't check whether the value of revision is NULL. If revision is NULL, the operation of strcmp(revision, ext_plugins[u].revision) will lead to a crash.
Cesnet Libyang
5
CVSSv2
CVE-2021-28903
A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). lyxml_parse_elem() function will be called recursively, which will consume stack space and lead to crash.
Cesnet Libyang
5
CVSSv2
CVE-2021-28902
In function read_yin_container() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash.
Cesnet Libyang
5
CVSSv2
CVE-2021-28905
In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL. But in some cases, node->module can be null, which triggers a reachable assertion (CWE-617).
Cesnet Libyang
5
CVSSv2
CVE-2021-28906
In function read_yin_leaf() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash.
Cesnet Libyang
4.3
CVSSv2
CVE-2019-20396
A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing.
Cesnet Libyang 0.16
Cesnet Libyang 0.13
Cesnet Libyang 0.12
Cesnet Libyang 0.11
Cesnet Libyang 0.14
Cesnet Libyang 0.15
6.8
CVSSv2
CVE-2019-20397
A double-free is present in libyang before v1.0-r1 in the function yyparse() when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.
Cesnet Libyang 0.16
Cesnet Libyang 0.13
Cesnet Libyang 0.12
Cesnet Libyang 0.11
Cesnet Libyang 0.14
Cesnet Libyang 0.15
4.3
CVSSv2
CVE-2019-20398
A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash.
Cesnet Libyang 1.0
Cesnet Libyang 0.16
Cesnet Libyang 0.13
Cesnet Libyang 0.12
Cesnet Libyang 0.11
Cesnet Libyang 0.14
Cesnet Libyang 0.15
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907
hardcoded
inject
CVE-2024-20359
CVE-2024-2467
CVE-2024-4077
CVE-2024-22391
camera
CVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »