Bug 1793928 (CVE-2019-20397) - CVE-2019-20397 libyang: double-free in yyparse() when organization field is not terminated
Summary: CVE-2019-20397 libyang: double-free in yyparse() when organization field is n...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-20397
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1797539 1797617 1910046
Blocks: 1790579
TreeView+ depends on / blocked
 
Reported: 2020-01-22 09:50 UTC by Riccardo Schirone
Modified: 2021-10-28 10:10 UTC (History)
2 users (show)

Fixed In Version: libyang 1.0-r1
Clone Of:
Environment:
Last Closed: 2021-10-28 10:10:26 UTC
Embargoed:


Attachments (Terms of Use)

Description Riccardo Schirone 2020-01-22 09:50:28 UTC
A double-free is present in libyang up to version v1.0-r1 in function yyparse() when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.

Upstream issue:
https://github.com/CESNET/libyang/issues/739

Upstream fix:
https://github.com/CESNET/libyang/commit/88bd6c548ba79bce176cd875e9b56e7e0ef4d8d4

Comment 1 Riccardo Schirone 2020-02-03 11:33:56 UTC
Created libyang tracking bugs for this issue:

Affects: fedora-all [bug 1797539]


Note You need to log in before you can comment on or make changes to this bug.