CVE-2019-20393

A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.

References

Affected packages

Git / github.com/cesnet/libyang

Affected ranges

Type: GIT
Repo: https://github.com/cesnet/libyang
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d9feacc4a590d35dbc1af21caf9080008b4450ed

Affected versions

v0.*

v0.11-r1

v0.11-r2

v0.12-r1

v0.12-r2

v0.13-r1

v0.13-r2

v0.14-r1

v0.15-r1

v0.16-r1

v0.16-r2

v0.16-r3

Database specific

{
    "vanir_signatures": [
        {
            "id": "CVE-2019-20393-0b51fd0c",
            "signature_type": "Function",
            "target": {
                "file": "src/parser_yang.c",
                "function": "yang_read_extcomplex_str"
            },
            "digest": {
                "function_hash": "210618447206416842963716160319291067596",
                "length": 2549.0
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/cesnet/libyang/commit/d9feacc4a590d35dbc1af21caf9080008b4450ed"
        },
        {
            "id": "CVE-2019-20393-771ceaf5",
            "signature_type": "Line",
            "target": {
                "file": "src/parser_yang.h"
            },
            "digest": {
                "line_hashes": [
                    "159197367693089516205569419912882508586",
                    "338106989825557444275081214165145915240",
                    "173638409708146125147860696944110058569",
                    "53588195873947443362605094523268632561"
                ],
                "threshold": 0.9
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/cesnet/libyang/commit/d9feacc4a590d35dbc1af21caf9080008b4450ed"
        },
        {
            "id": "CVE-2019-20393-7c066af9",
            "signature_type": "Line",
            "target": {
                "file": "src/parser_yang.c"
            },
            "digest": {
                "line_hashes": [
                    "21416199901454646743488100686154337882",
                    "99164107408091063006777308910482006306",
                    "61145605236541993103649237040225949367",
                    "25219585484697981976401862072666946141",
                    "211425843115769248843453539035067461254",
                    "339575617453095667235171076010640122886",
                    "120029062690870830515387605234494720776",
                    "36172509862558898669720294441233507847",
                    "254486200007475077881178437586168801239",
                    "177520086970103864665717550503336861879",
                    "194409106657883996911427762030776432816",
                    "117077981437795543605848299468409372024",
                    "80297440400200033459641880579578726293",
                    "153541918219877504581369759612042270485",
                    "271518729587833602837386109568267296786",
                    "297590879985857847552467511180086627227",
                    "177270519452510328620494519888220248824"
                ],
                "threshold": 0.9
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/cesnet/libyang/commit/d9feacc4a590d35dbc1af21caf9080008b4450ed"
        },
        {
            "id": "CVE-2019-20393-897a4187",
            "signature_type": "Function",
            "target": {
                "file": "src/parser_yang_bis.c",
                "function": "yyparse"
            },
            "digest": {
                "function_hash": "297619105104962865464252916456058722015",
                "length": 121723.0
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/cesnet/libyang/commit/d9feacc4a590d35dbc1af21caf9080008b4450ed"
        },
        {
            "id": "CVE-2019-20393-957c8d30",
            "signature_type": "Line",
            "target": {
                "file": "src/parser_yang_bis.c"
            },
            "digest": {
                "line_hashes": [
                    "281173314764415771078734596198839755998",
                    "160286089755377420471048506915642211568",
                    "175388115082871246159087214172897637780",
                    "273804716555576637974727595170238162137",
                    "310981047629080967697626232498865314043",
                    "90823686894974054152352645734798982690",
                    "28012874169947363259138203723484029924",
                    "41694348609127876001830458036253700810",
                    "131777903932017419486465995440103100648",
                    "168013029427957451649208388171256321784",
                    "186245089661852243317568101655424807515",
                    "81108806283943699757978489840608461396",
                    "50197152091423902626038935630591975267",
                    "308088478696431713122006729790779885025",
                    "28599201766766415515356910472396650691",
                    "194251369466084534053266358921769586418",
                    "48886778270000747810057481298878765273",
                    "295041330686215775529943419110018374422",
                    "7550286812935820323808551807101263791",
                    "12114679460682025133744961202188155820",
                    "69563439567826275403782157747820226829",
                    "264145785382469150700010076871629393182",
                    "48015251036073566216842964328906380190",
                    "20969775262226781481092469174613296434",
                    "161875272980297512773701091650123129992",
                    "239587576820807265019085726896510712062",
                    "270582090242205734324764746108689898697",
                    "329491352820764632893578964270107894124",
                    "89123590792079233993250112918373910657",
                    "185542756248377223930882272774750473442",
                    "143546575568490012525947902002105892405",
                    "183892370886530013127993239560636193310",
                    "192318873967208278677638109277753104145",
                    "180817541286572442755944851340801350087",
                    "263210088259807270771394852731167125662",
                    "26847781364965320247592763304101656632",
                    "97430940798891537200917969977282827827",
                    "203839397688829917857372281443131757783",
                    "185575732252900552358483226676836365434",
                    "218148538451266829825753437215346701203",
                    "213425459907171197499333283281566514602",
                    "11892478604650406129648621206888448413",
                    "104055479078570837068541309030847886051",
                    "292839487684752323339842305008817444422",
                    "337924772314129945170287766072078882562",
                    "290944425752099368339658787501825879325",
                    "239862230735436140578488231568880269421",
                    "219048122820663869899582858462045827627",
                    "260060293791655827972520123066455821443",
                    "75093356721276301056581711965015187354",
                    "294652982765899541525287073317883349072",
                    "221195174597733744918813477800015070452",
                    "103068719435928311614366960102813526850",
                    "24412773842532597515577637433450339985",
                    "138753240435025182351849187912868853524",
                    "104699215554303490721106272557452301292",
                    "73595796927291042388008768248289119025",
                    "213878865549469413887381018988286868657",
                    "246735937759765771582976692450516169314",
                    "149068710609364842013269967989769065268",
                    "331792664372799127003290740983244951507",
                    "30007146344462048416157824632232802324",
                    "657236584375837295832280113545998170",
                    "82051395226462430428823479045117612741",
                    "17883174574016127189154554461401547220",
                    "62629405015727775025619654707274040385",
                    "120656547916620015523684584115728828245",
                    "252844827007950580572148529655832974140",
                    "323601965787562601594957188307789821339",
                    "82310983095193557974985880835690465373",
                    "1817202309068896578043245509465660462",
                    "235505973840472814673301729253275616595"
                ],
                "threshold": 0.9
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/cesnet/libyang/commit/d9feacc4a590d35dbc1af21caf9080008b4450ed"
        }
    ]
}