CVE-2019-20398

A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash.
Configurations

Configuration 1

cpe:2.3:a:cesnet:libyang:1.0:r1:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:1.0:r2:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.16:r1:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.16:r2:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.16:r3:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.13:r1:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.13:r2:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.12:r1:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.12:r2:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.11:r1:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.11:r2:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.14:r1:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.15:r1:*:*:*:*:*:*

Information

Published : 2020-01-22 10:15

Updated : 2020-01-23 08:13


NVD link : CVE-2019-20398

Mitre link : CVE-2019-20398

Products Affected
No products.
CWE