Home

CVE-2019-19334

Description

In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type identityref. An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.781

Associated Vulnerability

VulnerabilityOS Platform
(RHSA-2019:4360) libyang security update libyang-0.16.105-3.el8_1.2.i686.rpmLinux
(RHSA-2019:4360) libyang security update libyang-0.16.105-3.el8_1.2.x86_64.rpmLinux
(RHSA-2019:4360) libyang security update libyang-debugsource-0.16.105-3.el8_1.2.i686.rpmLinux
(RHSA-2019:4360) libyang security update libyang-debugsource-0.16.105-3.el8_1.2.x86_64.rpmLinux
(CESA-2019:4360) libyang security update libyang-0.16.105-3.el8_1.2.i686.rpmLinux
(CESA-2019:4360) libyang security update libyang-0.16.105-3.el8_1.2.x86_64.rpmLinux
(RHSA-2019:4360)Important: security update libyang-cpp-debuginfo-0.16.105-3.el8_1.2.i686.rpmLinux
(RHSA-2019:4360)Important: security update libyang-cpp-debuginfo-0.16.105-3.el8_1.2.x86_64.rpmLinux
(RHSA-2019:4360)Important: security update libyang-debuginfo-0.16.105-3.el8_1.2.i686.rpmLinux
(RHSA-2019:4360)Important: security update libyang-debuginfo-0.16.105-3.el8_1.2.x86_64.rpmLinux
(RHSA-2019:4360)Important: security update python3-libyang-debuginfo-0.16.105-3.el8_1.2.i686.rpmLinux
(RHSA-2019:4360)Important: security update python3-libyang-debuginfo-0.16.105-3.el8_1.2.x86_64.rpmLinux
Libyang update (ELSA-2019-4360) libyang-0.16.105-3.el8_1.2.i686.rpmLinux
Libyang update (ELSA-2019-4360) libyang-0.16.105-3.el8_1.2.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234