Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libyang vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-26917
libyang from v2.0.164 to v2.1.30 exists to contain a NULL pointer dereference via the function lysp_stmt_validate_value at lys_parse_mem.c.
Cesnet Libyang
5.3
CVSSv3
CVE-2023-26916
libyang from v2.0.164 to v2.1.30 exists to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c.
Cesnet Libyang
Fedoraproject Fedora 36
Fedoraproject Fedora 37
7.5
CVSSv3
CVE-2021-28903
A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). lyxml_parse_elem() function will be called recursively, which will consume stack space and lead to crash.
Cesnet Libyang
7.5
CVSSv3
CVE-2021-28904
In function ext_get_plugin() in libyang <= v1.0.225, it doesn't check whether the value of revision is NULL. If revision is NULL, the operation of strcmp(revision, ext_plugins[u].revision) will lead to a crash.
Cesnet Libyang
7.5
CVSSv3
CVE-2021-28905
In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL. But in some cases, node->module can be null, which triggers a reachable assertion (CWE-617).
Cesnet Libyang
7.5
CVSSv3
CVE-2021-28902
In function read_yin_container() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash.
Cesnet Libyang
7.5
CVSSv3
CVE-2021-28906
In function read_yin_leaf() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash.
Cesnet Libyang
6.5
CVSSv3
CVE-2019-20396
A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing.
Cesnet Libyang 0.16
Cesnet Libyang 0.13
Cesnet Libyang 0.12
Cesnet Libyang 0.11
Cesnet Libyang 0.14
Cesnet Libyang 0.15
8.8
CVSSv3
CVE-2019-20393
A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.
Cesnet Libyang 0.16
Cesnet Libyang 0.13
Cesnet Libyang 0.12
Cesnet Libyang 0.11
Cesnet Libyang 0.14
Cesnet Libyang 0.15
6.5
CVSSv3
CVE-2019-20391
An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to parse untrusted input yang files may crash.
Cesnet Libyang 1.0
Cesnet Libyang 0.16
Cesnet Libyang 0.13
Cesnet Libyang 0.12
Cesnet Libyang 0.11
Cesnet Libyang 0.14
Cesnet Libyang 0.15
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »