A double-free is present in libyang before v1.0-r1 in the function yyparse() when an organization field is not terminated. Applications that use libyang to parse untrusted input YANG files may be vulnerable to this flaw, which could lead to a crash or potentially to code execution.
[
{
"target": {
"file": "src/parser_yang_bis.c"
},
"id": "CVE-2019-20397-9548a224",
"digest": {
"line_hashes": [
"19930810062833946386526714722842093264",
"71728508169115866837575559710155390212",
"211047695715142250079411845799262406046",
"324012456461005424292435550707084261776"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/cesnet/libyang/commit/88bd6c548ba79bce176cd875e9b56e7e0ef4d8d4",
"signature_type": "Line"
},
{
"target": {
"function": "yyerror",
"file": "src/parser_yang_bis.c"
},
"id": "CVE-2019-20397-b1c9eb7b",
"digest": {
"function_hash": "255861764402369204287198891288229464985",
"length": 446.0
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/cesnet/libyang/commit/88bd6c548ba79bce176cd875e9b56e7e0ef4d8d4",
"signature_type": "Function"
}
]