2185926 – (CVE-2023-26917) CVE-2023-26917 libyang: NULL pointer dereference via lysp_stmt_validate_value at lys_parse_mem.c

Bug 2185926 (CVE-2023-26917) - CVE-2023-26917 libyang: NULL pointer dereference via lysp_stmt_validate_value at lys_parse_mem.c

Summary: CVE-2023-26917 libyang: NULL pointer dereference via lysp_stmt_validate_value...

Keywords:
Status:	NEW
Alias:	CVE-2023-26917
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2185927 2185928 2188572 2188573
Blocks:	2185930
TreeView+	depends on / blocked

Reported:	2023-04-11 16:05 UTC by Pedro Sampaio
Modified:	2023-07-07 08:29 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Pedro Sampaio 2023-04-11 16:05:24 UTC

libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lysp_stmt_validate_value at lys_parse_mem.c.

References:

https://github.com/CESNET/libyang/issues/1987

Comment 1 Pedro Sampaio 2023-04-11 16:05:41 UTC

Created libyang tracking bugs for this issue:

Affects: epel-7 [bug 2185928]
Affects: fedora-all [bug 2185927]

Note You need to log in before you can comment on or make changes to this bug.