Описание
A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). lyxml_parse_elem() function will be called recursively, which will consume stack space and lead to crash.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libyang2 | not-affected | package | ||
| libyang | fixed | 3.4.2+dfsg-2 | package | |
| libyang | no-dsa | bullseye | package | |
| libyang | no-dsa | buster | package |
Примечания
https://github.com/CESNET/libyang/issues/1453
https://github.com/CESNET/libyang/commit/298b30ea4ebee137226acf9bb38678bd82704582 (v1.0.240)
src:libyang was removed and later re-introduced as src:libyang with version 3
EPSS
Связанные уязвимости
A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). lyxml_parse_elem() function will be called recursively, which will consume stack space and lead to crash.
A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). lyxml_parse_elem() function will be called recursively, which will consume stack space and lead to crash.
A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). lyxml_parse_elem() function will be called recursively, which will consume stack space and lead to crash.
A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). lyxml_parse_elem() function will be called recursively, which will consume stack space and lead to crash.
Уязвимость функции lyxml_parse_mem() синтаксического анализатора и инструментария языка моделирования данных YANG Libyang, связанная с неконтролируемой рекурсией, позволяющая нарушителю вызвать отказ в обслуживании
EPSS