Segmentation Fault in libyang Affects Multiple Versions
CVE-2019-20396

6.5MEDIUM

Key Information:

Vendor: Cesnet
Status: Libyang
Vendor: CVE Published:; 22 January 2020

What is CVE-2019-20396?

A segmentation fault vulnerability exists in the yyparse function of the libyang library prior to version 1.0-r1. This issue arises from the handling of malformed pattern statement values during the lys_parse_path parsing process, which could lead to application crashes and unexpected behaviors. Users of libyang should ensure they are running a patched version to mitigate any potential risks associated with this vulnerability.

References

https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1

https://github.com/CESNET/libyang/issues/740

https://github.com/CESNET/libyang/commit/a1f17693904ed6fe...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 22, 2020
Vulnerability Reserved
Jan 22, 2020

CVE-2019-20396 Data

JSON

Cesnet

What is CVE-2019-20396?

References

CVSS V3.1

Timeline