CVE-2019-20397

A double-free is present in libyang before v1.0-r1 in the function yyparse() when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.
Configurations

Configuration 1

cpe:2.3:a:cesnet:libyang:0.16:r1:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.16:r2:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.16:r3:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.13:r1:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.13:r2:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.12:r1:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.12:r2:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.11:r1:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.11:r2:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.14:r1:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.15:r1:*:*:*:*:*:*

Information

Published : 2020-01-22 10:15

Updated : 2020-01-23 09:18


NVD link : CVE-2019-20397

Mitre link : CVE-2019-20397

Products Affected
No products.
CWE