ID CVE-2019-19333
Summary In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.
References
Vulnerable Configurations
  • cpe:2.3:a:cesnet:libyang:0.11:r1:*:*:*:*:*:*
  • cpe:2.3:a:cesnet:libyang:0.11:r2:*:*:*:*:*:*
  • cpe:2.3:a:cesnet:libyang:0.12:r1:*:*:*:*:*:*
  • cpe:2.3:a:cesnet:libyang:0.12:r2:*:*:*:*:*:*
  • cpe:2.3:a:cesnet:libyang:0.13:r1:*:*:*:*:*:*
  • cpe:2.3:a:cesnet:libyang:0.13:r2:*:*:*:*:*:*
  • cpe:2.3:a:cesnet:libyang:0.14:r1:*:*:*:*:*:*
  • cpe:2.3:a:cesnet:libyang:0.15:r1:*:*:*:*:*:*
  • cpe:2.3:a:cesnet:libyang:0.16:r1:*:*:*:*:*:*
  • cpe:2.3:a:cesnet:libyang:0.16:r2:*:*:*:*:*:*
  • cpe:2.3:a:cesnet:libyang:0.16:r3:*:*:*:*:*:*
  • cpe:2.3:a:cesnet:libyang:1.0:r1:*:*:*:*:*:*
  • cpe:2.3:a:cesnet:libyang:1.0:r2:*:*:*:*:*:*
  • cpe:2.3:a:cesnet:libyang:1.0:r3:*:*:*:*:*:*
  • cpe:2.3:a:cesnet:libyang:1.0:r4:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 18-12-2019 - 04:15)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
rhsa
id RHSA-2019:4360
rpms
  • libyang-0:0.16.105-3.el8_1.2
  • libyang-cpp-debuginfo-0:0.16.105-3.el8_1.2
  • libyang-debuginfo-0:0.16.105-3.el8_1.2
  • libyang-debugsource-0:0.16.105-3.el8_1.2
  • python3-libyang-debuginfo-0:0.16.105-3.el8_1.2
refmap via4
confirm
fedora
  • FEDORA-2019-9d83929ffa
  • FEDORA-2019-dfe0b42bc5
Last major update 18-12-2019 - 04:15
Published 06-12-2019 - 16:15
Last modified 18-12-2019 - 04:15