QwikSec

Security Database

CVE

CWE

Training

CVE-2019-19334

Published: Dec 6, 2019

Modified: Aug 5, 2024

PUBLISHED

CVSS v3.0

8.1

HIGH

Description

In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.

Vendor	Product	Versions
Red Hat	libyang	affected `libyang all versions before 1.0-r5`

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19334

x_refsource_CONFIRM

https://github.com/CESNET/libyang/commit/6980afae2ff9fcd6d67508b0a3f694d75fd059d6

x_refsource_CONFIRM

FEDORA-2019-dfe0b42bc5

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-9d83929ffa

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.