CVE-2019-20397

A double-free is present in libyang before v1.0-r1 in the function yyparse() when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.

References

Affected packages

Git / github.com/cesnet/libyang

Affected ranges

Type: GIT
Repo: https://github.com/cesnet/libyang
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

88bd6c548ba79bce176cd875e9b56e7e0ef4d8d4

Affected versions

v0.*

v0.11-r1

v0.11-r2

v0.12-r1

v0.12-r2

v0.13-r1

v0.13-r2

v0.14-r1

v0.15-r1

v0.16-r1

v0.16-r2

v0.16-r3

Database specific

{
    "vanir_signatures": [
        {
            "id": "CVE-2019-20397-9548a224",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "19930810062833946386526714722842093264",
                    "71728508169115866837575559710155390212",
                    "211047695715142250079411845799262406046",
                    "324012456461005424292435550707084261776"
                ]
            },
            "signature_type": "Line",
            "target": {
                "file": "src/parser_yang_bis.c"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/cesnet/libyang/commit/88bd6c548ba79bce176cd875e9b56e7e0ef4d8d4"
        },
        {
            "id": "CVE-2019-20397-b1c9eb7b",
            "digest": {
                "length": 446.0,
                "function_hash": "255861764402369204287198891288229464985"
            },
            "signature_type": "Function",
            "target": {
                "file": "src/parser_yang_bis.c",
                "function": "yyerror"
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/cesnet/libyang/commit/88bd6c548ba79bce176cd875e9b56e7e0ef4d8d4"
        }
    ]
}