CVE-2019-19333

Summary

In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.

Affected Software

VendorProductVersion RangeStatus
Red Hatlibyanglibyang all versions before 1.0-r5affected

Weaknesses

  • CWE-121: CWE-121

ADP Enrichment

CVE Program Container

Additional References

References