Bug 1793929 (CVE-2019-20396) - CVE-2019-20396 libyang: heap-based buffer over-read in function lys_type_free() due to malformed pattern
Summary: CVE-2019-20396 libyang: heap-based buffer over-read in function lys_type_free...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-20396
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1797550 1797618 1910046
Blocks: 1790579
TreeView+ depends on / blocked
 
Reported: 2020-01-22 09:53 UTC by Riccardo Schirone
Modified: 2021-10-28 10:10 UTC (History)
2 users (show)

Fixed In Version: libyang 1.0-r1
Doc Type: If docs needed, set a value
Doc Text:
A heap-based buffer over-read flaw occurs in libyang in function lys_type_free() due to a malformed pattern statement value. Applications that use libyang to process untrusted input yang files may be vulnerable to this flaw, possibly causing a crash or information leaks.
Clone Of:
Environment:
Last Closed: 2021-10-28 10:10:30 UTC
Embargoed:

Attachments (Terms of Use)

Description Riccardo Schirone 2020-01-22 09:53:18 UTC 
A heap-based buffer over-read is present in libyang up to version v1.0-r1 in function lys_type_free() due to malformed pattern statement value. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or information leaks. 

Upstream issue:
https://github.com/CESNET/libyang/issues/740

Upstream fix:
https://github.com/CESNET/libyang/commit/a1f17693904ed6fecc8902c747fc50a8f20e6af8
Comment 1 Riccardo Schirone 2020-02-03 11:47:36 UTC 
Created libyang tracking bugs for this issue:

Affects: fedora-all [bug 1797550]
Note You need to log in before you can comment on or make changes to this bug.