A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input YANG files may crash.
{ "vanir_signatures": [ { "target": { "file": "src/tree_schema.c" }, "digest": { "line_hashes": [ "47057829883453850662777565401974008433", "2962779122798403009016500093738661883", "35155857828643995570069637654412522537", "177345036629041976534470018548302784898", "33582507515680815319481015823527354523" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://github.com/cesnet/libyang/commit/7852b272ef77f8098c35deea6c6f09cb78176f08", "id": "CVE-2019-20398-599ecb19", "signature_type": "Line", "deprecated": false }, { "target": { "function": "lys_restr_dup", "file": "src/tree_schema.c" }, "digest": { "length": 909.0, "function_hash": "310547109486459982374848703543419293865" }, "signature_version": "v1", "source": "https://github.com/cesnet/libyang/commit/7852b272ef77f8098c35deea6c6f09cb78176f08", "id": "CVE-2019-20398-b0f6280f", "signature_type": "Function", "deprecated": false } ] }