CVE-2019-20395

Опубликовано: 22 янв. 2020

Источник: debian

Описание

A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libyang	fixed	1.0.167-1	experimental	package
libyang	fixed	1.0.176-1		package

Примечания

https://bugzilla.redhat.com/show_bug.cgi?id=1793924
https://github.com/CESNET/libyang/commit/4e610ccd87a2ba9413819777d508f71163fcc237
https://github.com/CESNET/libyang/issues/724

Связанные уязвимости

CVE-2019-20395

CVSS3: 6.5

ubuntu

около 6 лет назад

A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash.

CVE-2019-20395

CVSS3: 5.5

redhat

почти 7 лет назад

A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash.

CVE-2019-20395

CVSS3: 6.5

nvd

около 6 лет назад

A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash.

GHSA-3ffh-3h59-484g

CVSS3: 6.5

github

больше 3 лет назад

A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash.