Описание
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | not-affected | 0.16.105-2 |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-apps/focal | not-affected | 0.16.105-2 |
| esm-infra-legacy/trusty | DNE | |
| focal | not-affected | 0.16.105-2 |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE |
Показывать по
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.
In all versions of libyang before 1.0-r5, a stack-based buffer overflo ...
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.
7.5 High
CVSS2
9.8 Critical
CVSS3