CVE-2019-20392 (GCVE-0-2019-20392)
Vulnerability from cvelistv5 – Published: 2020-01-22 00:00 – Updated: 2024-08-05 02:39
Summary
An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/CESNET/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/CESNET/libyang/issues/723"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793922"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1"
},
{
"name": "[debian-lts-announce] 20230919 [SECURITY] [DLA 3572-1] libyang security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-19T21:06:15.096750",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/CESNET/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5"
},
{
"url": "https://github.com/CESNET/libyang/issues/723"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793922"
},
{
"url": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1"
},
{
"name": "[debian-lts-announce] 20230919 [SECURITY] [DLA 3572-1] libyang security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20392",
"datePublished": "2020-01-22T00:00:00",
"dateReserved": "2020-01-22T00:00:00",
"dateUpdated": "2024-08-05T02:39:09.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2019-20392
Vulnerability from fkie_nvd - Published: 2020-01-22 22:15 - Updated: 2024-11-21 04:38
Severity ?
Summary
An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.11:r1:*:*:*:*:*:*",
"matchCriteriaId": "65E91322-5F67-43C2-8112-5ECAEC2A3C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.11:r2:*:*:*:*:*:*",
"matchCriteriaId": "80A88DE4-93F8-40C3-AA52-A5F353F028AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.12:r1:*:*:*:*:*:*",
"matchCriteriaId": "05C120CA-50EF-4B6D-92C9-ED736219DB07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.12:r2:*:*:*:*:*:*",
"matchCriteriaId": "99D1FA55-3F56-4E09-B41E-B05C199B96B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.13:r1:*:*:*:*:*:*",
"matchCriteriaId": "35D48EC4-58D2-49C6-8049-920787733587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.13:r2:*:*:*:*:*:*",
"matchCriteriaId": "B57F3953-49D6-413C-A4AE-03125935FC77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.14:r1:*:*:*:*:*:*",
"matchCriteriaId": "DD62411F-A524-4E80-B540-780EA39CB6A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.15:r1:*:*:*:*:*:*",
"matchCriteriaId": "FEF091B1-978A-4881-B1FC-6848CD1A7BBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.16:r1:*:*:*:*:*:*",
"matchCriteriaId": "0C50D690-9A4D-4B78-BF4E-A4D9B4074216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.16:r2:*:*:*:*:*:*",
"matchCriteriaId": "124A5D30-7451-4516-9AA2-963AE62DD679",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.16:r3:*:*:*:*:*:*",
"matchCriteriaId": "C260D13B-82E9-4596-9116-61073B42D661",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash."
},
{
"lang": "es",
"value": "Un fallo de acceso a memoria no v\u00e1lida est\u00e1 presente en libyang versiones anteriores a v1.0-r1, en la funci\u00f3n resolve_feature_value() cuando es usada una sentencia if-feature dentro de un nodo de clave de lista, y la caracter\u00edstica usada no est\u00e1 definida. Las aplicaciones que utilizan libyang para analizar archivos de entrada yang no confiables pueden bloquearse."
}
],
"id": "CVE-2019-20392",
"lastModified": "2024-11-21T04:38:22.570",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-22T22:15:10.143",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793922"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/CESNET/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/CESNET/libyang/issues/723"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/CESNET/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/CESNET/libyang/issues/723"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CNVD-2020-10242
Vulnerability from cnvd - Published: 2020-02-19
VLAI Severity ?
Title
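libyang buffer overflow vulnerability (CNVD-2020-10242)
Description
libyang is a YANG data modeling language parser and toolkit written in C.
The 'resolve_feature_value()' function in libyang versions before 1.0-r1 contains a buffer overflow vulnerability. An attacker can exploit this vulnerability to crash the application.
Severity
Medium
Patch Name
Patch for the libyang buffer overflow vulnerability (CNVD-2020-10242)
Patch Description
libyang is a YANG data modeling language parser and toolkit written in C.
The 'resolve_feature_value()' function in libyang versions before 1.0-r1 contains a buffer overflow vulnerability. An attacker can exploit this vulnerability to crash the application. The vendor has since published a security advisory and related patch information that fix this vulnerability.
Formal description
The vendor has released an upgrade patch to fix the vulnerability. Patch link: https://github.com/CESNET/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5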
Reference
https://github.com/CESNET/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5
Impacted products
| Name | libyang libyang <1.0-r1 |
|---|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-20392",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-20392"
}
},
"description": "libyang\u662f\u4e00\u6b3e\u4f7f\u7528C\u8bed\u8a00\u7f16\u5199\u7684YANG\u6570\u636e\u5efa\u6a21\u8bed\u8a00\u89e3\u6790\u5668\u548c\u5de5\u5177\u5305\u3002\n\nlibyang 1.0-r1\u4e4b\u524d\u7248\u672c\u7684\u2018resolve_feature_value()\u2019\u51fd\u6570\u4e2d\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/CESNET/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-10242",
"openTime": "2020-02-19",
"patchDescription": "libyang\u662f\u4e00\u6b3e\u4f7f\u7528C\u8bed\u8a00\u7f16\u5199\u7684YANG\u6570\u636e\u5efa\u6a21\u8bed\u8a00\u89e3\u6790\u5668\u548c\u5de5\u5177\u5305\u3002\r\n\r\nlibyang 1.0-r1\u4e4b\u524d\u7248\u672c\u7684\u2018resolve_feature_value()\u2019\u51fd\u6570\u4e2d\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "libyang\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2020-10242\uff09\u7684\u8865\u4e01",
"products": {
"product": "libyang libyang \u003c1.0-r1"
},
"referenceLink": "https://github.com/CESNET/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5",
"serverity": "\u4e2d",
"submitTime": "2020-02-18",
"title": "libyang\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2020-10242\uff09"
}
RHEA-2021:1906
Vulnerability from csaf_redhat - Published: 2021-05-18 15:04 - Updated: 2025-11-21 17:24
Summary
Red Hat Enhancement Advisory: libyang bug fix and enhancement update
Notes
Topic
An update for libyang is now available for Red Hat Enterprise Linux 8.
Details
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.4 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libyang is now available for Red Hat Enterprise Linux 8.",
"title": "Topic"
},
{
"category": "general",
"text": "For detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.4 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHEA-2021:1906",
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/index"
},
{
"category": "external",
"summary": "1910046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1910046"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhea-2021_1906.json"
}
],
"title": "Red Hat Enhancement Advisory: libyang bug fix and enhancement update",
"tracking": {
"current_release_date": "2025-11-21T17:24:22+00:00",
"generator": {
"date": "2025-11-21T17:24:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHEA-2021:1906",
"initial_release_date": "2021-05-18T15:04:27+00:00",
"revision_history": [
{
"date": "2021-05-18T15:04:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-05-18T15:04:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:24:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.src",
"product": {
"name": "libyang-0:1.0.184-1.el8.src",
"product_id": "libyang-0:1.0.184-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.aarch64",
"product": {
"name": "libyang-0:1.0.184-1.el8.aarch64",
"product_id": "libyang-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.aarch64",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.aarch64",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "libyang-0:1.0.184-1.el8.ppc64le",
"product_id": "libyang-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.i686",
"product": {
"name": "libyang-0:1.0.184-1.el8.i686",
"product_id": "libyang-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.i686",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.i686",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.i686",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.i686",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.x86_64",
"product": {
"name": "libyang-0:1.0.184-1.el8.x86_64",
"product_id": "libyang-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.x86_64",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.x86_64",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.s390x",
"product": {
"name": "libyang-0:1.0.184-1.el8.s390x",
"product_id": "libyang-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.s390x",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.s390x",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64"
},
"product_reference": "libyang-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686"
},
"product_reference": "libyang-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "libyang-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x"
},
"product_reference": "libyang-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src"
},
"product_reference": "libyang-0:1.0.184-1.el8.src",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64"
},
"product_reference": "libyang-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-20391",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793934"
}
],
"notes": [
{
"category": "description",
"text": "An invalid memory access flaw occurs in libyang in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to process untrusted input YANG files may crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: invalid memory access in resolve_feature_value() when a if-feature is used inside a bit",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20391"
},
{
"category": "external",
"summary": "RHBZ#1793934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793934"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20391",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20391"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20391",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20391"
}
],
"release_date": "2019-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libyang: invalid memory access in resolve_feature_value() when a if-feature is used inside a bit"
},
{
"cve": "CVE-2019-20392",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793922"
}
],
"notes": [
{
"category": "description",
"text": "An invalid memory access flaw was discovered in libyang in the function resolve_feature_value() when an if-feature statement is used inside a list key node and the feature used is not defined. Applications that use libyang to process untrusted input YANG files may crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: invalid memory access when if-feature statement is used inside a list key node",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20392"
},
{
"category": "external",
"summary": "RHBZ#1793922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20392",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20392"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20392",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20392"
}
],
"release_date": "2019-03-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libyang: invalid memory access when if-feature statement is used inside a list key node"
},
{
"cve": "CVE-2019-20393",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793930"
}
],
"notes": [
{
"category": "description",
"text": "A double-free flaw occurs in libyang in function yyparse() when an empty description is used. Applications that use libyang to process untrusted input YANG files may be vulnerable to this flaw, possibly causing a crash or potential code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: double-free in function yyparse() when empty description is used",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20393"
},
{
"category": "external",
"summary": "RHBZ#1793930",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793930"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20393",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20393"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20393",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20393"
}
],
"release_date": "2019-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libyang: double-free in function yyparse() when empty description is used"
},
{
"cve": "CVE-2019-20394",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793932"
}
],
"notes": [
{
"category": "description",
"text": "A double-free flaw occurs in libyang in function yyparse() when a type statement is used in a notification statement. Applications that use libyang to process untrusted input YANG files may be vulnerable to this flaw, possibly causing a crash or potential code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: double-free in yyparse() when a type statement is used in a notification statement",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20394"
},
{
"category": "external",
"summary": "RHBZ#1793932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793932"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20394",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20394"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20394",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20394"
}
],
"release_date": "2019-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libyang: double-free in yyparse() when a type statement is used in a notification statement"
},
{
"cve": "CVE-2019-20395",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793924"
}
],
"notes": [
{
"category": "description",
"text": "A stack-overflow flaw was found in libyang due to a self-referential union type containing leafrefs. Applications that use libyang to process untrusted input YANG files may crash while processing malformed files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: stack-overflow when parsing yang files with self-referential union types",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20395"
},
{
"category": "external",
"summary": "RHBZ#1793924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793924"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20395",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20395"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20395",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20395"
}
],
"release_date": "2019-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libyang: stack-overflow when parsing yang files with self-referential union types"
},
{
"cve": "CVE-2019-20396",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793929"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer over-read flaw occurs in libyang in function lys_type_free() due to a malformed pattern statement value. Applications that use libyang to process untrusted input yang files may be vulnerable to this flaw, possibly causing a crash or information leaks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: heap-based buffer over-read in function lys_type_free() due to malformed pattern",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20396"
},
{
"category": "external",
"summary": "RHBZ#1793929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793929"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20396",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20396"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20396",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20396"
}
],
"release_date": "2019-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libyang: heap-based buffer over-read in function lys_type_free() due to malformed pattern"
},
{
"cve": "CVE-2019-20397",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793928"
}
],
"notes": [
{
"category": "description",
"text": "A double-free flaw occurs in libyang in function yyparse() when an organization field is not terminated. Applications that use libyang to process untrusted input YANG files may be vulnerable to this flaw, possibly causing a crash or potential code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: double-free in yyparse() when organization field is not terminated",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20397"
},
{
"category": "external",
"summary": "RHBZ#1793928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20397",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20397"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20397",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20397"
}
],
"release_date": "2019-03-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libyang: double-free in yyparse() when organization field is not terminated"
},
{
"cve": "CVE-2019-20398",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793935"
}
],
"notes": [
{
"category": "description",
"text": "A NULL pointer dereference flaw occurs in libyang in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to process untrusted input YANG files may crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: NULL pointer dereference in function lys_extension_instances_free()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20398"
},
{
"category": "external",
"summary": "RHBZ#1793935",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793935"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20398",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20398"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20398",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20398"
}
],
"release_date": "2019-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libyang: NULL pointer dereference in function lys_extension_instances_free()"
}
]
}
RHEA-2021_1906
Vulnerability from csaf_redhat - Published: 2021-05-18 15:04 - Updated: 2024-11-22 16:19
Summary
Red Hat Enhancement Advisory: libyang bug fix and enhancement update
Notes
Topic
An update for libyang is now available for Red Hat Enterprise Linux 8.
Details
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.4 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libyang is now available for Red Hat Enterprise Linux 8.",
"title": "Topic"
},
{
"category": "general",
"text": "For detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.4 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHEA-2021:1906",
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/index"
},
{
"category": "external",
"summary": "1910046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1910046"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhea-2021_1906.json"
}
],
"title": "Red Hat Enhancement Advisory: libyang bug fix and enhancement update",
"tracking": {
"current_release_date": "2024-11-22T16:19:32+00:00",
"generator": {
"date": "2024-11-22T16:19:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHEA-2021:1906",
"initial_release_date": "2021-05-18T15:04:27+00:00",
"revision_history": [
{
"date": "2021-05-18T15:04:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-05-18T15:04:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T16:19:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.src",
"product": {
"name": "libyang-0:1.0.184-1.el8.src",
"product_id": "libyang-0:1.0.184-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.aarch64",
"product": {
"name": "libyang-0:1.0.184-1.el8.aarch64",
"product_id": "libyang-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.aarch64",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.aarch64",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "libyang-0:1.0.184-1.el8.ppc64le",
"product_id": "libyang-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.i686",
"product": {
"name": "libyang-0:1.0.184-1.el8.i686",
"product_id": "libyang-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.i686",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.i686",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.i686",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.i686",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.x86_64",
"product": {
"name": "libyang-0:1.0.184-1.el8.x86_64",
"product_id": "libyang-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.x86_64",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.x86_64",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.s390x",
"product": {
"name": "libyang-0:1.0.184-1.el8.s390x",
"product_id": "libyang-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.s390x",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.s390x",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64"
},
"product_reference": "libyang-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686"
},
"product_reference": "libyang-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "libyang-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x"
},
"product_reference": "libyang-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src"
},
"product_reference": "libyang-0:1.0.184-1.el8.src",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64"
},
"product_reference": "libyang-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-20391",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793934"
}
],
"notes": [
{
"category": "description",
"text": "An invalid memory access flaw occurs in libyang in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to process untrusted input YANG files may crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: invalid memory access in resolve_feature_value() when an if-feature is used inside a bit",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20391"
},
{
"category": "external",
"summary": "RHBZ#1793934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793934"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20391",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20391"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20391",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20391"
}
],
"release_date": "2019-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libyang: invalid memory access in resolve_feature_value() when an if-feature is used inside a bit"
},
{
"cve": "CVE-2019-20392",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793922"
}
],
"notes": [
{
"category": "description",
"text": "An invalid memory access flaw was discovered in libyang in the function resolve_feature_value() when an if-feature statement is used inside a list key node and the feature used is not defined. Applications that use libyang to process untrusted input YANG files may crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: invalid memory access when if-feature statement is used inside a list key node",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20392"
},
{
"category": "external",
"summary": "RHBZ#1793922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20392",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20392"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20392",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20392"
}
],
"release_date": "2019-03-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libyang: invalid memory access when if-feature statement is used inside a list key node"
},
{
"cve": "CVE-2019-20393",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793930"
}
],
"notes": [
{
"category": "description",
"text": "A double-free flaw occurs in libyang in function yyparse() when an empty description is used. Applications that use libyang to process untrusted input YANG files may be vulnerable to this flaw, possibly causing a crash or potential code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: double-free in function yyparse() when empty description is used",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20393"
},
{
"category": "external",
"summary": "RHBZ#1793930",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793930"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20393",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20393"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20393",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20393"
}
],
"release_date": "2019-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libyang: double-free in function yyparse() when empty description is used"
},
{
"cve": "CVE-2019-20394",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793932"
}
],
"notes": [
{
"category": "description",
"text": "A double-free flaw occurs in libyang in function yyparse() when a type statement is used in a notification statement. Applications that use libyang to process untrusted input YANG files may be vulnerable to this flaw, possibly causing a crash or potential code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: double-free in yyparse() when a type statement is used in a notification statement",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20394"
},
{
"category": "external",
"summary": "RHBZ#1793932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793932"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20394",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20394"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20394",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20394"
}
],
"release_date": "2019-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libyang: double-free in yyparse() when a type statement is used in a notification statement"
},
{
"cve": "CVE-2019-20395",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793924"
}
],
"notes": [
{
"category": "description",
"text": "A stack-overflow flaw was found in libyang due to a self-referential union type containing leafrefs. Applications that use libyang to process untrusted input YANG files may crash while processing malformed files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: stack-overflow when parsing yang files with self-referential union types",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20395"
},
{
"category": "external",
"summary": "RHBZ#1793924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793924"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20395",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20395"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20395",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20395"
}
],
"release_date": "2019-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libyang: stack-overflow when parsing yang files with self-referential union types"
},
{
"cve": "CVE-2019-20396",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793929"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer over-read flaw occurs in libyang in function lys_type_free() due to a malformed pattern statement value. Applications that use libyang to process untrusted input yang files may be vulnerable to this flaw, possibly causing a crash or information leaks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: heap-based buffer over-read in function lys_type_free() due to malformed pattern",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20396"
},
{
"category": "external",
"summary": "RHBZ#1793929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793929"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20396",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20396"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20396",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20396"
}
],
"release_date": "2019-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libyang: heap-based buffer over-read in function lys_type_free() due to malformed pattern"
},
{
"cve": "CVE-2019-20397",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793928"
}
],
"notes": [
{
"category": "description",
"text": "A double-free flaw occurs in libyang in function yparse() when an organization field is not terminated. Applications that use libyang to process untrusted input YANG files may be vulnerable to this flaw, possibly causing a crash or potential code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: double-free in yyparse() when organization field is not terminated",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20397"
},
{
"category": "external",
"summary": "RHBZ#1793928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20397",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20397"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20397",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20397"
}
],
"release_date": "2019-03-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libyang: double-free in yyparse() when organization field is not terminated"
},
{
"cve": "CVE-2019-20398",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793935"
}
],
"notes": [
{
"category": "description",
"text": "A NULL pointer dereference flaw occurs in libyang in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to process untrusted input YANG files may crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: NULL pointer dereference in function lys_extension_instances_free()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20398"
},
{
"category": "external",
"summary": "RHBZ#1793935",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793935"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20398",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20398"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20398",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20398"
}
],
"release_date": "2019-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libyang: NULL pointer dereference in function lys_extension_instances_free()"
}
]
}
GHSA-5XX9-WG6X-HJ24
Vulnerability from github – Published: 2022-05-24 17:07 – Updated: 2023-09-20 00:30
Details
An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash.
Severity
6.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2019-20392"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-01-22T22:15:00Z",
"severity": "MODERATE"
},
"details": "An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash.",
"id": "GHSA-5xx9-wg6x-hj24",
"modified": "2023-09-20T00:30:14Z",
"published": "2022-05-24T17:07:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20392"
},
{
"type": "WEB",
"url": "https://github.com/CESNET/libyang/issues/723"
},
{
"type": "WEB",
"url": "https://github.com/CESNET/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793922"
},
{
"type": "WEB",
"url": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2019-20392
Vulnerability from gsd - Updated: 2023-12-13 01:23
Details
An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash.
Aliases
{
"GSD": {
"alias": "CVE-2019-20392",
"description": "An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash.",
"id": "GSD-2019-20392",
"references": [
"https://www.suse.com/security/cve/CVE-2019-20392.html",
"https://access.redhat.com/errata/RHEA-2021:1906"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-20392"
],
"details": "An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash.",
"id": "GSD-2019-20392",
"modified": "2023-12-13T01:23:43.141395Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/CESNET/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5",
"refsource": "MISC",
"url": "https://github.com/CESNET/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5"
},
{
"name": "https://github.com/CESNET/libyang/issues/723",
"refsource": "MISC",
"url": "https://github.com/CESNET/libyang/issues/723"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793922",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793922"
},
{
"name": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1",
"refsource": "MISC",
"url": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1"
},
{
"name": "[debian-lts-announce] 20230919 [SECURITY] [DLA 3572-1] libyang security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.16:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.16:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.16:r3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.13:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.13:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.12:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.12:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.11:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.11:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.14:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.15:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20392"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/CESNET/libyang/issues/723",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/CESNET/libyang/issues/723"
},
{
"name": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1"
},
{
"name": "https://github.com/CESNET/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/CESNET/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793922",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793922"
},
{
"name": "[debian-lts-announce] 20230919 [SECURITY] [DLA 3572-1] libyang security update",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-09-19T22:15Z",
"publishedDate": "2020-01-22T22:15Z"
}
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.