Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-19334

Опубликовано: 06 дек. 2019
Источник: nvd
CVSS3: 8.1
CVSS3: 9.8
CVSS2: 7.5
EPSS Низкий

Описание

In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cesnet:libyang:0.11:r1:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.11:r2:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.12:r1:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.12:r2:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.13:r1:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.13:r2:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.14:r1:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.15:r1:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.16:r1:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.16:r2:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:0.16:r3:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:1.0:r1:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:1.0:r2:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:1.0:r3:*:*:*:*:*:*
cpe:2.3:a:cesnet:libyang:1.0:r4:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

EPSS

Процентиль: 73%
0.00781
Низкий

8.1 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-121
CWE-787

Связанные уязвимости

ubuntu логотип

CVE-2019-19334

CVSS3: 9.8
ubuntu
около 6 лет назад

In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.

redhat логотип

CVE-2019-19334

CVSS3: 8.1
redhat
около 6 лет назад

In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.

debian логотип

CVE-2019-19334

CVSS3: 9.8
debian
около 6 лет назад

In all versions of libyang before 1.0-r5, a stack-based buffer overflo ...

github логотип

GHSA-936c-h6q8-79c4

CVSS3: 9.8
github
больше 3 лет назад

In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.

oracle-oval логотип

ELSA-2019-4360

oracle-oval
около 6 лет назад

ELSA-2019-4360: libyang security update (IMPORTANT)

EPSS

Процентиль: 73%
0.00781
Низкий

8.1 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-121
CWE-787