A double-free is present in libyang before v1.0-r3 in the function yyparse() when a type statement is used in a notification statement. Applications that use libyang to parse untrusted YANG input files may be vulnerable to this flaw, which would cause a crash or potentially code execution.
{ "vanir_signatures": [ { "signature_type": "Function", "deprecated": false, "signature_version": "v1", "id": "CVE-2019-20394-41732613", "source": "https://github.com/cesnet/libyang/commit/6cc51b1757dfbb7cff92de074ada65e8523289a6", "digest": { "function_hash": "334333495555913111835902825800076662424", "length": 121759.0 }, "target": { "function": "yyparse", "file": "src/parser_yang_bis.c" } }, { "signature_type": "Line", "deprecated": false, "signature_version": "v1", "id": "CVE-2019-20394-c15508ec", "source": "https://github.com/cesnet/libyang/commit/6cc51b1757dfbb7cff92de074ada65e8523289a6", "digest": { "line_hashes": [ "164382308562417233091935855972747064438", "44550129803751250994624942069642899974", "132892422234432367498765861481733659786", "71028133021889715123863036278562934561" ], "threshold": 0.9 }, "target": { "file": "src/parser_yang_bis.c" } } ] }