Описание
In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL. But in some cases, node->module can be null, which triggers a reachable assertion (CWE-617).
A flaw was found in libyang. An assertion in lys_node_free function may be reached or, if assertions are disabled, a NULL pointer dereference could be triggered allowing a remote attacker to crash an application that uses libyang with user-controlled YIN data. The highest threat from this vulnerability is the service availability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 8 | libyang | Will not fix | ||
| Red Hat Enterprise Linux 9 | libyang | Not affected |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL. But in some cases, node->module can be null, which triggers a reachable assertion (CWE-617).
In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL. But in some cases, node->module can be null, which triggers a reachable assertion (CWE-617).
In function lys_node_free() in libyang <= v1.0.225, it asserts that th ...
In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL. But in some cases, node->module can be null, which triggers a reachable assertion (CWE-617).
7.5 High
CVSS3