In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2019-12-06T15:22:19
Updated: 2019-12-23T07:06:05
Reserved: 2019-11-27T00:00:00
Link: CVE-2019-19334
JSON object: View
NVD Information
Status : Modified
Published: 2019-12-06T16:15:10.920
Modified: 2023-11-07T03:07:38.133
Link: CVE-2019-19334
JSON object: View
Redhat Information
No data.