NULL Pointer Dereference in libyang Affects Multiple Versions
CVE-2023-26916

5.3 MEDIUM

Key Information:

Vendor: Cesnet

Status
Vendor
CVE Published: 3 April 2023

What is CVE-2023-26916?

A NULL pointer dereference has been identified in the libyang library, affecting versions from 2.0.164 to 2.1.30. The flaw is in the lys_parse_mem function and could lead to unexpected behavior or crashes in applications using this library. Users of affected versions should review the available advisories and consider applying the necessary updates or mitigations.

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
