Denial of Service Vulnerability in libyang by CESNET
CVE-2021-28903

7.5HIGH

Key Information:

Vendor: Cesnet
Status: Libyang
Vendor: CVE Published:; 20 May 2021

What is CVE-2021-28903?

A stack overflow vulnerability exists in the libyang library, specifically in versions up to and including v1.0.225. The issue arises from a recursive call to the lyxml_parse_elem() function, which leads to excessive consumption of stack space. This vulnerability can facilitate denial of service attacks, resulting in the application crashing when exploiting this flaw, making it essential for users of affected versions to apply the necessary updates.

References

https://github.com/CESNET/libyang/issues/1453

x_refsource_CONFIRM

https://security.gentoo.org/glsa/202107-54

vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 20, 2021
Vulnerability Reserved
Mar 19, 2021

CVE-2021-28903 Data

JSON

Cesnet

What is CVE-2021-28903?

References

CVSS V3.1

Timeline