CVE-2019-20393 (GCVE-0-2019-20393)
Vulnerability from cvelistv5 – Published: 2020-01-22 00:00 – Updated: 2024-08-05 02:39
Summary
A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/CESNET/libyang/issues/742"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/CESNET/libyang/commit/d9feacc4a590d35dbc1af21caf9080008b4450ed"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793930"
},
{
"name": "[debian-lts-announce] 20230919 [SECURITY] [DLA 3572-1] libyang security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-19T21:06:16.669404",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1"
},
{
"url": "https://github.com/CESNET/libyang/issues/742"
},
{
"url": "https://github.com/CESNET/libyang/commit/d9feacc4a590d35dbc1af21caf9080008b4450ed"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793930"
},
{
"name": "[debian-lts-announce] 20230919 [SECURITY] [DLA 3572-1] libyang security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20393",
"datePublished": "2020-01-22T00:00:00",
"dateReserved": "2020-01-22T00:00:00",
"dateUpdated": "2024-08-05T02:39:09.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cesnet:libyang:0.11:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"65E91322-5F67-43C2-8112-5ECAEC2A3C12\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cesnet:libyang:0.11:r2:*:*:*:*:*:*\", \"matchCriteriaId\": \"80A88DE4-93F8-40C3-AA52-A5F353F028AA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cesnet:libyang:0.12:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"05C120CA-50EF-4B6D-92C9-ED736219DB07\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cesnet:libyang:0.12:r2:*:*:*:*:*:*\", \"matchCriteriaId\": \"99D1FA55-3F56-4E09-B41E-B05C199B96B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cesnet:libyang:0.13:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"35D48EC4-58D2-49C6-8049-920787733587\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cesnet:libyang:0.13:r2:*:*:*:*:*:*\", \"matchCriteriaId\": \"B57F3953-49D6-413C-A4AE-03125935FC77\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cesnet:libyang:0.14:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD62411F-A524-4E80-B540-780EA39CB6A4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cesnet:libyang:0.15:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"FEF091B1-978A-4881-B1FC-6848CD1A7BBF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cesnet:libyang:0.16:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C50D690-9A4D-4B78-BF4E-A4D9B4074216\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cesnet:libyang:0.16:r2:*:*:*:*:*:*\", \"matchCriteriaId\": \"124A5D30-7451-4516-9AA2-963AE62DD679\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cesnet:libyang:0.16:r3:*:*:*:*:*:*\", \"matchCriteriaId\": \"C260D13B-82E9-4596-9116-61073B42D661\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.\"}, {\"lang\": \"es\", \"value\": \"Una doble liberaci\\u00f3n est\\u00e1 presente en libyang versiones anteriores a v1.0-r1, en la funci\\u00f3n yyparse() cuando es usada una descripci\\u00f3n vac\\u00eda. Las aplicaciones que usan libyang para analizar archivos de entrada yang no confiables pueden ser vulnerables a este fallo, lo que podr\\u00eda causar un bloqueo o potencialmente una ejecuci\\u00f3n de c\\u00f3digo.\"}]",
"id": "CVE-2019-20393",
"lastModified": "2024-11-21T04:38:22.720",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2020-01-22T22:15:10.237",
"references": "[{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1793930\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/CESNET/libyang/commit/d9feacc4a590d35dbc1af21caf9080008b4450ed\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/CESNET/libyang/issues/742\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1793930\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/CESNET/libyang/commit/d9feacc4a590d35dbc1af21caf9080008b4450ed\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/CESNET/libyang/issues/742\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-415\"}]}]"
}
}
}
RHEA-2021:1906
Vulnerability from csaf_redhat - Published: 2021-05-18 15:04 - Updated: 2025-11-21 17:24
Summary
Red Hat Enhancement Advisory: libyang bug fix and enhancement update
Notes
Topic
An update for libyang is now available for Red Hat Enterprise Linux 8.
Details
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.4 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libyang is now available for Red Hat Enterprise Linux 8.",
"title": "Topic"
},
{
"category": "general",
"text": "For detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.4 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHEA-2021:1906",
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/index"
},
{
"category": "external",
"summary": "1910046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1910046"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhea-2021_1906.json"
}
],
"title": "Red Hat Enhancement Advisory: libyang bug fix and enhancement update",
"tracking": {
"current_release_date": "2025-11-21T17:24:22+00:00",
"generator": {
"date": "2025-11-21T17:24:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHEA-2021:1906",
"initial_release_date": "2021-05-18T15:04:27+00:00",
"revision_history": [
{
"date": "2021-05-18T15:04:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-05-18T15:04:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:24:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.src",
"product": {
"name": "libyang-0:1.0.184-1.el8.src",
"product_id": "libyang-0:1.0.184-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.aarch64",
"product": {
"name": "libyang-0:1.0.184-1.el8.aarch64",
"product_id": "libyang-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.aarch64",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.aarch64",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "libyang-0:1.0.184-1.el8.ppc64le",
"product_id": "libyang-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.i686",
"product": {
"name": "libyang-0:1.0.184-1.el8.i686",
"product_id": "libyang-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.i686",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.i686",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.i686",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.i686",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.x86_64",
"product": {
"name": "libyang-0:1.0.184-1.el8.x86_64",
"product_id": "libyang-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.x86_64",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.x86_64",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.s390x",
"product": {
"name": "libyang-0:1.0.184-1.el8.s390x",
"product_id": "libyang-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.s390x",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.s390x",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64"
},
"product_reference": "libyang-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686"
},
"product_reference": "libyang-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "libyang-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x"
},
"product_reference": "libyang-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src"
},
"product_reference": "libyang-0:1.0.184-1.el8.src",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64"
},
"product_reference": "libyang-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-20391",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793934"
}
],
"notes": [
{
"category": "description",
"text": "An invalid memory access flaw occurs in libyang in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to process untrusted input YANG files may crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: invalid memory access in resolve_feature_value() when a if-feature is used inside a bit",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20391"
},
{
"category": "external",
"summary": "RHBZ#1793934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793934"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20391",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20391"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20391",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20391"
}
],
"release_date": "2019-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libyang: invalid memory access in resolve_feature_value() when a if-feature is used inside a bit"
},
{
"cve": "CVE-2019-20392",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793922"
}
],
"notes": [
{
"category": "description",
"text": "An invalid memory access flaw was discovered in libyang in the function resolve_feature_value() when an if-feature statement is used inside a list key node and the feature used is not defined. Applications that use libyang to process untrusted input YANG files may crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: invalid memory access when if-feature statement is used inside a list key node",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20392"
},
{
"category": "external",
"summary": "RHBZ#1793922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20392",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20392"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20392",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20392"
}
],
"release_date": "2019-03-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libyang: invalid memory access when if-feature statement is used inside a list key node"
},
{
"cve": "CVE-2019-20393",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793930"
}
],
"notes": [
{
"category": "description",
"text": "A double-free flaw occurs in libyang in function yyparse() when an empty description is used. Applications that use libyang to process untrusted input YANG files may be vulnerable to this flaw, possibly causing a crash or potential code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: double-free in function yyparse() when empty description is used",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20393"
},
{
"category": "external",
"summary": "RHBZ#1793930",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793930"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20393",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20393"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20393",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20393"
}
],
"release_date": "2019-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libyang: double-free in function yyparse() when empty description is used"
},
{
"cve": "CVE-2019-20394",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793932"
}
],
"notes": [
{
"category": "description",
"text": "A double-free flaw occurs in libyang in function yyparse() when a type statement is used in a notification statement. Applications that use libyang to process untrusted input YANG files may be vulnerable to this flaw, possibly causing a crash or potential code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: double-free in yyparse() when a type statement is used in a notification statement",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20394"
},
{
"category": "external",
"summary": "RHBZ#1793932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793932"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20394",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20394"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20394",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20394"
}
],
"release_date": "2019-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libyang: double-free in yyparse() when a type statement is used in a notification statement"
},
{
"cve": "CVE-2019-20395",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793924"
}
],
"notes": [
{
"category": "description",
"text": "A stack-overflow flaw was found in libyang due to a self-referential union type containing leafrefs. Applications that use libyang to process untrusted input YANG files may crash while processing malformed files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: stack-overflow when parsing yang files with self-referential union types",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20395"
},
{
"category": "external",
"summary": "RHBZ#1793924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793924"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20395",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20395"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20395",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20395"
}
],
"release_date": "2019-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libyang: stack-overflow when parsing yang files with self-referential union types"
},
{
"cve": "CVE-2019-20396",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793929"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer over-read flaw occurs in libyang in function lys_type_free() due to a malformed pattern statement value. Applications that use libyang to process untrusted input yang files may be vulnerable to this flaw, possibly causing a crash or information leaks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: heap-based buffer over-read in function lys_type_free() due to malformed pattern",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20396"
},
{
"category": "external",
"summary": "RHBZ#1793929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793929"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20396",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20396"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20396",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20396"
}
],
"release_date": "2019-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libyang: heap-based buffer over-read in function lys_type_free() due to malformed pattern"
},
{
"cve": "CVE-2019-20397",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793928"
}
],
"notes": [
{
"category": "description",
"text": "A double-free flaw occurs in libyang in function yparse() when an organization field is not terminated. Applications that use libyang to process untrusted input YANG files may be vulnerable to this flaw, possibly causing a crash or potential code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: double-free in yyparse() when organization field is not terminated",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20397"
},
{
"category": "external",
"summary": "RHBZ#1793928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20397",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20397"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20397",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20397"
}
],
"release_date": "2019-03-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libyang: double-free in yyparse() when organization field is not terminated"
},
{
"cve": "CVE-2019-20398",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793935"
}
],
"notes": [
{
"category": "description",
"text": "A NULL pointer dereference flaw occurs in libyang in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to process untrusted input YANG files may crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: NULL pointer dereference in function lys_extension_instances_free()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20398"
},
{
"category": "external",
"summary": "RHBZ#1793935",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793935"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20398",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20398"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20398",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20398"
}
],
"release_date": "2019-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libyang: NULL pointer dereference in function lys_extension_instances_free()"
}
]
}
RHEA-2021_1906
Vulnerability from csaf_redhat - Published: 2021-05-18 15:04 - Updated: 2024-11-22 16:19
Summary
Red Hat Enhancement Advisory: libyang bug fix and enhancement update
Notes
Topic
An update for libyang is now available for Red Hat Enterprise Linux 8.
Details
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.4 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libyang is now available for Red Hat Enterprise Linux 8.",
"title": "Topic"
},
{
"category": "general",
"text": "For detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.4 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHEA-2021:1906",
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/index"
},
{
"category": "external",
"summary": "1910046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1910046"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhea-2021_1906.json"
}
],
"title": "Red Hat Enhancement Advisory: libyang bug fix and enhancement update",
"tracking": {
"current_release_date": "2024-11-22T16:19:32+00:00",
"generator": {
"date": "2024-11-22T16:19:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHEA-2021:1906",
"initial_release_date": "2021-05-18T15:04:27+00:00",
"revision_history": [
{
"date": "2021-05-18T15:04:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-05-18T15:04:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T16:19:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.src",
"product": {
"name": "libyang-0:1.0.184-1.el8.src",
"product_id": "libyang-0:1.0.184-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.aarch64",
"product": {
"name": "libyang-0:1.0.184-1.el8.aarch64",
"product_id": "libyang-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.aarch64",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.aarch64",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "libyang-0:1.0.184-1.el8.ppc64le",
"product_id": "libyang-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.i686",
"product": {
"name": "libyang-0:1.0.184-1.el8.i686",
"product_id": "libyang-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.i686",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.i686",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.i686",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.i686",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.x86_64",
"product": {
"name": "libyang-0:1.0.184-1.el8.x86_64",
"product_id": "libyang-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.x86_64",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.x86_64",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.s390x",
"product": {
"name": "libyang-0:1.0.184-1.el8.s390x",
"product_id": "libyang-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.s390x",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.s390x",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64"
},
"product_reference": "libyang-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686"
},
"product_reference": "libyang-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "libyang-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x"
},
"product_reference": "libyang-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src"
},
"product_reference": "libyang-0:1.0.184-1.el8.src",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64"
},
"product_reference": "libyang-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-20391",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793934"
}
],
"notes": [
{
"category": "description",
"text": "An invalid memory access flaw occurs in libyang in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to process untrusted input YANG files may crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: invalid memory access in resolve_feature_value() when a if-feature is used inside a bit",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20391"
},
{
"category": "external",
"summary": "RHBZ#1793934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793934"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20391",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20391"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20391",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20391"
}
],
"release_date": "2019-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libyang: invalid memory access in resolve_feature_value() when a if-feature is used inside a bit"
},
{
"cve": "CVE-2019-20392",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793922"
}
],
"notes": [
{
"category": "description",
"text": "An invalid memory access flaw was discovered in libyang in the function resolve_feature_value() when an if-feature statement is used inside a list key node and the feature used is not defined. Applications that use libyang to process untrusted input YANG files may crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: invalid memory access when if-feature statement is used inside a list key node",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20392"
},
{
"category": "external",
"summary": "RHBZ#1793922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20392",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20392"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20392",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20392"
}
],
"release_date": "2019-03-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libyang: invalid memory access when if-feature statement is used inside a list key node"
},
{
"cve": "CVE-2019-20393",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793930"
}
],
"notes": [
{
"category": "description",
"text": "A double-free flaw occurs in libyang in function yyparse() when an empty description is used. Applications that use libyang to process untrusted input YANG files may be vulnerable to this flaw, possibly causing a crash or potential code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: double-free in function yyparse() when empty description is used",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20393"
},
{
"category": "external",
"summary": "RHBZ#1793930",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793930"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20393",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20393"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20393",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20393"
}
],
"release_date": "2019-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libyang: double-free in function yyparse() when empty description is used"
},
{
"cve": "CVE-2019-20394",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793932"
}
],
"notes": [
{
"category": "description",
"text": "A double-free flaw occurs in libyang in function yyparse() when a type statement is used in a notification statement. Applications that use libyang to process untrusted input YANG files may be vulnerable to this flaw, possibly causing a crash or potential code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: double-free in yyparse() when a type statement is used in a notification statement",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20394"
},
{
"category": "external",
"summary": "RHBZ#1793932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793932"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20394",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20394"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20394",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20394"
}
],
"release_date": "2019-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libyang: double-free in yyparse() when a type statement is used in a notification statement"
},
{
"cve": "CVE-2019-20395",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793924"
}
],
"notes": [
{
"category": "description",
"text": "A stack-overflow flaw was found in libyang due to a self-referential union type containing leafrefs. Applications that use libyang to process untrusted input YANG files may crash while processing malformed files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: stack-overflow when parsing yang files with self-referential union types",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20395"
},
{
"category": "external",
"summary": "RHBZ#1793924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793924"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20395",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20395"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20395",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20395"
}
],
"release_date": "2019-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libyang: stack-overflow when parsing yang files with self-referential union types"
},
{
"cve": "CVE-2019-20396",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793929"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer over-read flaw occurs in libyang in function lys_type_free() due to a malformed pattern statement value. Applications that use libyang to process untrusted input yang files may be vulnerable to this flaw, possibly causing a crash or information leaks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: heap-based buffer over-read in function lys_type_free() due to malformed pattern",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20396"
},
{
"category": "external",
"summary": "RHBZ#1793929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793929"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20396",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20396"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20396",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20396"
}
],
"release_date": "2019-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libyang: heap-based buffer over-read in function lys_type_free() due to malformed pattern"
},
{
"cve": "CVE-2019-20397",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793928"
}
],
"notes": [
{
"category": "description",
"text": "A double-free flaw occurs in libyang in function yparse() when an organization field is not terminated. Applications that use libyang to process untrusted input YANG files may be vulnerable to this flaw, possibly causing a crash or potential code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: double-free in yyparse() when organization field is not terminated",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20397"
},
{
"category": "external",
"summary": "RHBZ#1793928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20397",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20397"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20397",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20397"
}
],
"release_date": "2019-03-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libyang: double-free in yyparse() when organization field is not terminated"
},
{
"cve": "CVE-2019-20398",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793935"
}
],
"notes": [
{
"category": "description",
"text": "A NULL pointer dereference flaw occurs in libyang in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to process untrusted input YANG files may crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: NULL pointer dereference in function lys_extension_instances_free()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20398"
},
{
"category": "external",
"summary": "RHBZ#1793935",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793935"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20398",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20398"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20398",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20398"
}
],
"release_date": "2019-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libyang: NULL pointer dereference in function lys_extension_instances_free()"
}
]
}
CNVD-2020-10241
Vulnerability from cnvd - Published: 2020-02-19
Title
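libyang resource management error vulnerability (CNVD-2020-10241)
Description
libyang is a YANG data modeling language parser and toolkit written in C.
The 'yyparse()' function in libyang versions before 1.0-r1 has a resource management error vulnerability. An attacker could exploit this vulnerability to crash the application or possibly execute code.
Severity
Medium
Patch Name
Patch for the libyang resource management error vulnerability (CNVD-2020-10241)
Patch Description
libyang is a YANG data modeling language parser and toolkit written in C.
The 'yyparse()' function in libyang versions before 1.0-r1 has a resource management error vulnerability. An attacker could exploit this vulnerability to crash the application or possibly execute code. The vendor has since published a security advisory and related patch information that fix this vulnerability.
Formal description
The vendor has released an upgrade patch to fix the vulnerability. Patch link: https://github.com/CESNET/libyang/commit/d9feacc4a590d35dbc1af21caf9080008b4450ed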
Reference
https://github.com/CESNET/libyang/commit/d9feacc4a590d35dbc1af21caf9080008b4450ed
Impacted products
| Name |
|---|
| libyang libyang <1.0-r1 |
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-20393",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-20393"
}
},
"description": "libyang\u662f\u4e00\u6b3e\u4f7f\u7528C\u8bed\u8a00\u7f16\u5199\u7684YANG\u6570\u636e\u5efa\u6a21\u8bed\u8a00\u89e3\u6790\u5668\u548c\u5de5\u5177\u5305\u3002\n\nlibyang 1.0-r1\u4e4b\u524d\u7248\u672c\u4e2d\u7684\u2018yyparse()\u2019\u51fd\u6570\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u53ef\u80fd\u6267\u884c\u4ee3\u7801\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/CESNET/libyang/commit/d9feacc4a590d35dbc1af21caf9080008b4450ed",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-10241",
"openTime": "2020-02-19",
"patchDescription": "libyang\u662f\u4e00\u6b3e\u4f7f\u7528C\u8bed\u8a00\u7f16\u5199\u7684YANG\u6570\u636e\u5efa\u6a21\u8bed\u8a00\u89e3\u6790\u5668\u548c\u5de5\u5177\u5305\u3002\r\n\r\nlibyang 1.0-r1\u4e4b\u524d\u7248\u672c\u4e2d\u7684\u2018yyparse()\u2019\u51fd\u6570\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u53ef\u80fd\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "libyang\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2020-10241\uff09\u7684\u8865\u4e01",
"products": {
"product": "libyang libyang \u003c1.0-r1"
},
"referenceLink": "https://github.com/CESNET/libyang/commit/d9feacc4a590d35dbc1af21caf9080008b4450ed",
"serverity": "\u4e2d",
"submitTime": "2020-02-18",
"title": "libyang\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2020-10241\uff09"
}
GSD-2019-20393
Vulnerability from gsd - Updated: 2023-12-13 01:23
Details
A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.
Aliases
{
"GSD": {
"alias": "CVE-2019-20393",
"description": "A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.",
"id": "GSD-2019-20393",
"references": [
"https://www.suse.com/security/cve/CVE-2019-20393.html",
"https://access.redhat.com/errata/RHEA-2021:1906"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-20393"
],
"details": "A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.",
"id": "GSD-2019-20393",
"modified": "2023-12-13T01:23:42.657616Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1",
"refsource": "MISC",
"url": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1"
},
{
"name": "https://github.com/CESNET/libyang/issues/742",
"refsource": "MISC",
"url": "https://github.com/CESNET/libyang/issues/742"
},
{
"name": "https://github.com/CESNET/libyang/commit/d9feacc4a590d35dbc1af21caf9080008b4450ed",
"refsource": "MISC",
"url": "https://github.com/CESNET/libyang/commit/d9feacc4a590d35dbc1af21caf9080008b4450ed"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793930",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793930"
},
{
"name": "[debian-lts-announce] 20230919 [SECURITY] [DLA 3572-1] libyang security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.16:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.16:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.16:r3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.13:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.13:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.12:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.12:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.11:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.11:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.14:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.15:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20393"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-415"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/CESNET/libyang/commit/d9feacc4a590d35dbc1af21caf9080008b4450ed",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/CESNET/libyang/commit/d9feacc4a590d35dbc1af21caf9080008b4450ed"
},
{
"name": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793930",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793930"
},
{
"name": "https://github.com/CESNET/libyang/issues/742",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/CESNET/libyang/issues/742"
},
{
"name": "[debian-lts-announce] 20230919 [SECURITY] [DLA 3572-1] libyang security update",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-09-19T22:15Z",
"publishedDate": "2020-01-22T22:15Z"
}
}
}
GHSA-XR5G-JRQ4-W3J4
Vulnerability from github – Published: 2022-05-24 17:07 – Updated: 2023-09-20 00:30
Details
A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.
Severity ?
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2019-20393"
],
"database_specific": {
"cwe_ids": [
"CWE-415"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-01-22T22:15:00Z",
"severity": "MODERATE"
},
"details": "A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.",
"id": "GHSA-xr5g-jrq4-w3j4",
"modified": "2023-09-20T00:30:14Z",
"published": "2022-05-24T17:07:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20393"
},
{
"type": "WEB",
"url": "https://github.com/CESNET/libyang/issues/742"
},
{
"type": "WEB",
"url": "https://github.com/CESNET/libyang/commit/d9feacc4a590d35dbc1af21caf9080008b4450ed"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793930"
},
{
"type": "WEB",
"url": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
FKIE_CVE-2019-20393
Vulnerability from fkie_nvd - Published: 2020-01-22 22:15 - Updated: 2024-11-21 04:38
Severity ?
Summary
A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.11:r1:*:*:*:*:*:*",
"matchCriteriaId": "65E91322-5F67-43C2-8112-5ECAEC2A3C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.11:r2:*:*:*:*:*:*",
"matchCriteriaId": "80A88DE4-93F8-40C3-AA52-A5F353F028AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.12:r1:*:*:*:*:*:*",
"matchCriteriaId": "05C120CA-50EF-4B6D-92C9-ED736219DB07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.12:r2:*:*:*:*:*:*",
"matchCriteriaId": "99D1FA55-3F56-4E09-B41E-B05C199B96B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.13:r1:*:*:*:*:*:*",
"matchCriteriaId": "35D48EC4-58D2-49C6-8049-920787733587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.13:r2:*:*:*:*:*:*",
"matchCriteriaId": "B57F3953-49D6-413C-A4AE-03125935FC77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.14:r1:*:*:*:*:*:*",
"matchCriteriaId": "DD62411F-A524-4E80-B540-780EA39CB6A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.15:r1:*:*:*:*:*:*",
"matchCriteriaId": "FEF091B1-978A-4881-B1FC-6848CD1A7BBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.16:r1:*:*:*:*:*:*",
"matchCriteriaId": "0C50D690-9A4D-4B78-BF4E-A4D9B4074216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.16:r2:*:*:*:*:*:*",
"matchCriteriaId": "124A5D30-7451-4516-9AA2-963AE62DD679",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.16:r3:*:*:*:*:*:*",
"matchCriteriaId": "C260D13B-82E9-4596-9116-61073B42D661",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution."
},
{
"lang": "es",
"value": "Una doble liberaci\u00f3n est\u00e1 presente en libyang versiones anteriores a v1.0-r1, en la funci\u00f3n yyparse() cuando es usada una descripci\u00f3n vac\u00eda. Las aplicaciones que usan libyang para analizar archivos de entrada yang no confiables pueden ser vulnerables a este fallo, lo que podr\u00eda causar un bloqueo o potencialmente una ejecuci\u00f3n de c\u00f3digo."
}
],
"id": "CVE-2019-20393",
"lastModified": "2024-11-21T04:38:22.720",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-22T22:15:10.237",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793930"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/CESNET/libyang/commit/d9feacc4a590d35dbc1af21caf9080008b4450ed"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/CESNET/libyang/issues/742"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793930"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/CESNET/libyang/commit/d9feacc4a590d35dbc1af21caf9080008b4450ed"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/CESNET/libyang/issues/742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-415"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.