Vulnerability Details CVE-2023-26916
libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 18.3%
CVSS Severity
CVSS v3 Score 5.3
References
- https://github.com/CESNET/libyang/issues/1979
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6NQZHCJG3SBMFOQNIPRZGKDK3ARHLTTB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2VWGCMYKQH4BTFEHX5VYEXXOPIKKFHS/
- https://github.com/CESNET/libyang/issues/1979
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6NQZHCJG3SBMFOQNIPRZGKDK3ARHLTTB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2VWGCMYKQH4BTFEHX5VYEXXOPIKKFHS/
Products affected by CVE-2023-26916
-
cpe:2.3:a:cesnet:libyang:2.0.164
-
cpe:2.3:a:cesnet:libyang:2.0.194
-
cpe:2.3:a:cesnet:libyang:2.0.231
-
cpe:2.3:a:cesnet:libyang:2.1.30
-
cpe:2.3:a:cesnet:libyang:2.1.4
-
cpe:2.3:o:fedoraproject:fedora:36
-
cpe:2.3:o:fedoraproject:fedora:37