Описание
An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash.
An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-20392
- https://github.com/CESNET/libyang/issues/723
- https://github.com/CESNET/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5
- https://bugzilla.redhat.com/show_bug.cgi?id=1793922
- https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1
- https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html
Связанные уязвимости
An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash.
An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash.
An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash.
An invalid memory access flaw is present in libyang before v1.0-r1 in ...