Vulnerability Details CVE-2019-20396
A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.9%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
- https://github.com/CESNET/libyang/commit/a1f17693904ed6fecc8902c747fc50a8f20e6af8
- https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1
- https://github.com/CESNET/libyang/issues/740
- https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html
- https://github.com/CESNET/libyang/commit/a1f17693904ed6fecc8902c747fc50a8f20e6af8
- https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1
- https://github.com/CESNET/libyang/issues/740
- https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html
Products affected by CVE-2019-20396
-
cpe:2.3:a:cesnet:libyang:0.11
-
cpe:2.3:a:cesnet:libyang:0.12
-
cpe:2.3:a:cesnet:libyang:0.13
-
cpe:2.3:a:cesnet:libyang:0.14
-
cpe:2.3:a:cesnet:libyang:0.15
-
cpe:2.3:a:cesnet:libyang:0.16