An invalid memory access flaw is present in libyang up to version v1.0-r1 in function resolve_feature_value() when a if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash. Upstream issue: https://github.com/CESNET/libyang/issues/723 Upstream fix: https://github.com/CESNET/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5
This was actually fixed in RHEL-8.4.0 as part of the libyang rebase in https://access.redhat.com/errata/RHEA-2021:1906 .