Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Cesnet Subscribe
Filtered by product Libyang

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-28906 1 Cesnet 1 Libyang 2021-07-24 5.0 MEDIUM 7.5 HIGH
In function read_yin_leaf() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash.
CVE-2021-28905 1 Cesnet 1 Libyang 2021-07-24 5.0 MEDIUM 7.5 HIGH
In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL. But in some cases, node->module can be null, which triggers a reachable assertion (CWE-617).
CVE-2021-28904 1 Cesnet 1 Libyang 2021-07-24 5.0 MEDIUM 7.5 HIGH
In function ext_get_plugin() in libyang <= v1.0.225, it doesn't check whether the value of revision is NULL. If revision is NULL, the operation of strcmp(revision, ext_plugins[u].revision) will lead to a crash.
CVE-2021-28903 1 Cesnet 1 Libyang 2021-07-24 5.0 MEDIUM 7.5 HIGH
A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). lyxml_parse_elem() function will be called recursively, which will consume stack space and lead to crash.
CVE-2021-28902 1 Cesnet 1 Libyang 2021-07-24 5.0 MEDIUM 7.5 HIGH
In function read_yin_container() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash.
CVE-2019-20394 1 Cesnet 1 Libyang 2020-01-23 6.8 MEDIUM 8.8 HIGH
A double-free is present in libyang before v1.0-r3 in the function yyparse() when a type statement in used in a notification statement. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.
CVE-2019-20393 1 Cesnet 1 Libyang 2020-01-23 6.8 MEDIUM 8.8 HIGH
A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.
CVE-2019-20397 1 Cesnet 1 Libyang 2020-01-23 6.8 MEDIUM 8.8 HIGH
A double-free is present in libyang before v1.0-r1 in the function yyparse() when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.