Search CVE reports
1 – 3 of 3 results
libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lysp_stmt_validate_value at lys_parse_mem.c.
2 affected packages
libyang, libyang2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libyang | Not in release | Not affected | Not affected | Not in release |
| libyang2 | Vulnerable | Not affected | — | — |
libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c.
2 affected packages
libyang, libyang2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libyang | Not in release | Not affected | Not affected | Not in release |
| libyang2 | Vulnerable | Not affected | — | — |
A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash.
2 affected packages
libyang, libyang2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libyang | Not in release | Not affected | Vulnerable | Not in release |
| libyang2 | Not affected | Not affected | Not in release | Not in release |