NULL Pointer Dereference in libyang for CESNET
CVE-2023-26917

7.5HIGH

Key Information:

Vendor: Cesnet
Status: Libyang
Vendor: CVE Published:; 11 April 2023

What is CVE-2023-26917?

libyang versions from 2.0.164 to 2.1.30 contain a vulnerability that allows NULL pointer dereference during the execution of the function lysp_stmt_validate_value in lys_parse_mem.c. This flaw could lead to unexpected behavior or application crashes, posing a risk to users relying on the affected library for their applications.

References

https://github.com/CESNET/libyang/issues/1987

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2023
Vulnerability Reserved
Feb 27, 2023

CVE-2023-26917 Data

JSON

Cesnet

What is CVE-2023-26917?

References

CVSS V3.1

Timeline