CVE-2019-20392

An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash.
Configurations

Configuration 1

cpe:2.3:a:cesnet:libyang:0.16:r1:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.16:r2:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.16:r3:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.13:r1:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.13:r2:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.12:r1:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.12:r2:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.11:r1:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.11:r2:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.14:r1:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.15:r1:*:*:*:*:*:*

Information

Published : 2020-01-22 10:15

Updated : 2020-01-23 09:18


NVD link : CVE-2019-20392

Mitre link : CVE-2019-20392

Products Affected
No products.
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer