Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libyang vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-26917
libyang from v2.0.164 to v2.1.30 exists to contain a NULL pointer dereference via the function lysp_stmt_validate_value at lys_parse_mem.c.
Cesnet Libyang
NA
CVE-2023-26916
libyang from v2.0.164 to v2.1.30 exists to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c.
Cesnet Libyang
Fedoraproject Fedora 36
Fedoraproject Fedora 37
445
VMScore
CVE-2021-28902
In function read_yin_container() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash.
Cesnet Libyang
445
VMScore
CVE-2021-28903
A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). lyxml_parse_elem() function will be called recursively, which will consume stack space and lead to crash.
Cesnet Libyang
445
VMScore
CVE-2021-28904
In function ext_get_plugin() in libyang <= v1.0.225, it doesn't check whether the value of revision is NULL. If revision is NULL, the operation of strcmp(revision, ext_plugins[u].revision) will lead to a crash.
Cesnet Libyang
445
VMScore
CVE-2021-28905
In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL. But in some cases, node->module can be null, which triggers a reachable assertion (CWE-617).
Cesnet Libyang
445
VMScore
CVE-2021-28906
In function read_yin_leaf() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash.
Cesnet Libyang
605
VMScore
CVE-2019-20393
A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.
Cesnet Libyang 0.16
Cesnet Libyang 0.13
Cesnet Libyang 0.12
Cesnet Libyang 0.11
Cesnet Libyang 0.14
Cesnet Libyang 0.15
383
VMScore
CVE-2019-20395
A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash.
Cesnet Libyang 0.16
Cesnet Libyang 0.13
Cesnet Libyang 0.12
Cesnet Libyang 0.11
Cesnet Libyang 0.14
Cesnet Libyang 0.15
383
VMScore
CVE-2019-20398
A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash.
Cesnet Libyang 1.0
Cesnet Libyang 0.16
Cesnet Libyang 0.13
Cesnet Libyang 0.12
Cesnet Libyang 0.11
Cesnet Libyang 0.14
Cesnet Libyang 0.15
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »