Bug 1793932 (CVE-2019-20394) - CVE-2019-20394 libyang: double-free in yyparse() when a type statement is used in a notification statement
Summary: CVE-2019-20394 libyang: double-free in yyparse() when a type statement is use...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-20394
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1797544 1797620 1910046
Blocks: 1790579
TreeView+ depends on / blocked
 
Reported: 2020-01-22 09:57 UTC by Riccardo Schirone
Modified: 2021-10-28 10:10 UTC (History)
2 users (show)

Fixed In Version: libyang 1.0-r3
Doc Type: If docs needed, set a value
Doc Text:
A double-free flaw occurs in libyang in function yyparse() when a type statement is used in a notification statement. Applications that use libyang to process untrusted input YANG files may be vulnerable to this flaw, possibly causing a crash or potential code execution.
Clone Of:
Environment:
Last Closed: 2021-10-28 10:10:36 UTC
Embargoed:

Attachments (Terms of Use)

Description Riccardo Schirone 2020-01-22 09:57:42 UTC 
A double-free is present in libyang up to version v1.0-r3 in function yyparse() when a type statement in used in a notification statement. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.

Upstream issue:
https://github.com/CESNET/libyang/issues/769

Upstream fix:
https://github.com/CESNET/libyang/commit/6cc51b1757dfbb7cff92de074ada65e8523289a6
Comment 1 Riccardo Schirone 2020-02-03 11:38:53 UTC 
Created libyang tracking bugs for this issue:

Affects: fedora-all [bug 1797544]
Note You need to log in before you can comment on or make changes to this bug.