CVE-2019-20397

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-20397
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-20397.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-20397
Downstream
Published
2020-01-22T22:15:10.550Z
Modified
2026-03-13T22:32:07.107366Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A double-free is present in libyang before v1.0-r1 in the function yyparse() when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.

References

Affected packages

Git / github.com/cesnet/libyang

Affected ranges

Type
GIT
Repo
https://github.com/cesnet/libyang
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
14a95280b2bd77b5fd1d9b5f8af71b15679f1a8f
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ebcf465b4250c869eeb727e64b0caa419ba15465
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4ebd79ec4fc92f7989e45532abc55ef6593b60aa
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7e811613b335afc8e1b2c0ee77e7b3f371bc9175
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ca88008d7068eaefd9cc04b18a523283dae3561e
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0ee330494a94ada40da59ad6037fd3138fe8ec9a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5ccd6dea3eb7256dbc835507d7253eb5596c31b2
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
054ed1fcd480dc4130d98206548c8fe1ac512356
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
13b20f94f080cc493b3fd22604d0635585194231
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2ec826a984204d034f43a7ad72d835bc99974ede
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9e316f344e73316bf058ef88bd5ba852ad65ba25
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.11-r1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.11-r2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.12-r1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.12-r2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.13-r1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.13-r2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.14-r1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.15-r1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.16-r1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.16-r2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.16-r3"
        }
    ]
}

Affected versions

v0.*
v0.11-r1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-20397.json"