Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-20396 (GCVE-0-2019-20396)
Vulnerability from cvelistv5 – Published: 2020-01-22 00:00 – Updated: 2024-08-05 02:39
VLAI?
EPSS
Summary
A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/CESNET/libyang/issues/740"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/CESNET/libyang/commit/a1f17693904ed6fecc8902c747fc50a8f20e6af8"
},
{
"name": "[debian-lts-announce] 20230919 [SECURITY] [DLA 3572-1] libyang security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-19T21:06:21.418775",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1"
},
{
"url": "https://github.com/CESNET/libyang/issues/740"
},
{
"url": "https://github.com/CESNET/libyang/commit/a1f17693904ed6fecc8902c747fc50a8f20e6af8"
},
{
"name": "[debian-lts-announce] 20230919 [SECURITY] [DLA 3572-1] libyang security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20396",
"datePublished": "2020-01-22T00:00:00",
"dateReserved": "2020-01-22T00:00:00",
"dateUpdated": "2024-08-05T02:39:09.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cesnet:libyang:0.11:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"65E91322-5F67-43C2-8112-5ECAEC2A3C12\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cesnet:libyang:0.11:r2:*:*:*:*:*:*\", \"matchCriteriaId\": \"80A88DE4-93F8-40C3-AA52-A5F353F028AA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cesnet:libyang:0.12:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"05C120CA-50EF-4B6D-92C9-ED736219DB07\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cesnet:libyang:0.12:r2:*:*:*:*:*:*\", \"matchCriteriaId\": \"99D1FA55-3F56-4E09-B41E-B05C199B96B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cesnet:libyang:0.13:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"35D48EC4-58D2-49C6-8049-920787733587\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cesnet:libyang:0.13:r2:*:*:*:*:*:*\", \"matchCriteriaId\": \"B57F3953-49D6-413C-A4AE-03125935FC77\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cesnet:libyang:0.14:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD62411F-A524-4E80-B540-780EA39CB6A4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cesnet:libyang:0.15:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"FEF091B1-978A-4881-B1FC-6848CD1A7BBF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cesnet:libyang:0.16:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C50D690-9A4D-4B78-BF4E-A4D9B4074216\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cesnet:libyang:0.16:r2:*:*:*:*:*:*\", \"matchCriteriaId\": \"124A5D30-7451-4516-9AA2-963AE62DD679\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cesnet:libyang:0.16:r3:*:*:*:*:*:*\", \"matchCriteriaId\": \"C260D13B-82E9-4596-9116-61073B42D661\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing.\"}, {\"lang\": \"es\", \"value\": \"Un error de segmentaci\\u00f3n est\\u00e1 presente en yyparse en libyang versiones anteriores a v1.0-r1, debido a un valor de sentencia pattern malformado durante el an\\u00e1lisis de lys_parse_path.\"}]",
"id": "CVE-2019-20396",
"lastModified": "2024-11-21T04:38:23.180",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:P\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2020-01-22T22:15:10.470",
"references": "[{\"url\": \"https://github.com/CESNET/libyang/commit/a1f17693904ed6fecc8902c747fc50a8f20e6af8\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/CESNET/libyang/issues/740\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://github.com/CESNET/libyang/commit/a1f17693904ed6fecc8902c747fc50a8f20e6af8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/CESNET/libyang/issues/740\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-20396\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-01-22T22:15:10.470\",\"lastModified\":\"2024-11-21T04:38:23.180\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing.\"},{\"lang\":\"es\",\"value\":\"Un error de segmentaci\u00f3n est\u00e1 presente en yyparse en libyang versiones anteriores a v1.0-r1, debido a un valor de sentencia pattern malformado durante el an\u00e1lisis de lys_parse_path.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cesnet:libyang:0.11:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"65E91322-5F67-43C2-8112-5ECAEC2A3C12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cesnet:libyang:0.11:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"80A88DE4-93F8-40C3-AA52-A5F353F028AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cesnet:libyang:0.12:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"05C120CA-50EF-4B6D-92C9-ED736219DB07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cesnet:libyang:0.12:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"99D1FA55-3F56-4E09-B41E-B05C199B96B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cesnet:libyang:0.13:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"35D48EC4-58D2-49C6-8049-920787733587\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cesnet:libyang:0.13:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B57F3953-49D6-413C-A4AE-03125935FC77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cesnet:libyang:0.14:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD62411F-A524-4E80-B540-780EA39CB6A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cesnet:libyang:0.15:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEF091B1-978A-4881-B1FC-6848CD1A7BBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cesnet:libyang:0.16:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C50D690-9A4D-4B78-BF4E-A4D9B4074216\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cesnet:libyang:0.16:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"124A5D30-7451-4516-9AA2-963AE62DD679\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cesnet:libyang:0.16:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C260D13B-82E9-4596-9116-61073B42D661\"}]}]}],\"references\":[{\"url\":\"https://github.com/CESNET/libyang/commit/a1f17693904ed6fecc8902c747fc50a8f20e6af8\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/CESNET/libyang/issues/740\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/CESNET/libyang/commit/a1f17693904ed6fecc8902c747fc50a8f20e6af8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/CESNET/libyang/issues/740\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
FKIE_CVE-2019-20396
Vulnerability from fkie_nvd - Published: 2020-01-22 22:15 - Updated: 2024-11-21 04:38
Severity ?
Summary
A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.11:r1:*:*:*:*:*:*",
"matchCriteriaId": "65E91322-5F67-43C2-8112-5ECAEC2A3C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.11:r2:*:*:*:*:*:*",
"matchCriteriaId": "80A88DE4-93F8-40C3-AA52-A5F353F028AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.12:r1:*:*:*:*:*:*",
"matchCriteriaId": "05C120CA-50EF-4B6D-92C9-ED736219DB07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.12:r2:*:*:*:*:*:*",
"matchCriteriaId": "99D1FA55-3F56-4E09-B41E-B05C199B96B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.13:r1:*:*:*:*:*:*",
"matchCriteriaId": "35D48EC4-58D2-49C6-8049-920787733587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.13:r2:*:*:*:*:*:*",
"matchCriteriaId": "B57F3953-49D6-413C-A4AE-03125935FC77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.14:r1:*:*:*:*:*:*",
"matchCriteriaId": "DD62411F-A524-4E80-B540-780EA39CB6A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.15:r1:*:*:*:*:*:*",
"matchCriteriaId": "FEF091B1-978A-4881-B1FC-6848CD1A7BBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.16:r1:*:*:*:*:*:*",
"matchCriteriaId": "0C50D690-9A4D-4B78-BF4E-A4D9B4074216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.16:r2:*:*:*:*:*:*",
"matchCriteriaId": "124A5D30-7451-4516-9AA2-963AE62DD679",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.16:r3:*:*:*:*:*:*",
"matchCriteriaId": "C260D13B-82E9-4596-9116-61073B42D661",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing."
},
{
"lang": "es",
"value": "Un error de segmentaci\u00f3n est\u00e1 presente en yyparse en libyang versiones anteriores a v1.0-r1, debido a un valor de sentencia pattern malformado durante el an\u00e1lisis de lys_parse_path."
}
],
"id": "CVE-2019-20396",
"lastModified": "2024-11-21T04:38:23.180",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-22T22:15:10.470",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/CESNET/libyang/commit/a1f17693904ed6fecc8902c747fc50a8f20e6af8"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/CESNET/libyang/issues/740"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/CESNET/libyang/commit/a1f17693904ed6fecc8902c747fc50a8f20e6af8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/CESNET/libyang/issues/740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2019-20396
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-20396",
"description": "A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing.",
"id": "GSD-2019-20396",
"references": [
"https://access.redhat.com/errata/RHEA-2021:1906"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-20396"
],
"details": "A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing.",
"id": "GSD-2019-20396",
"modified": "2023-12-13T01:23:42.789083Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1",
"refsource": "MISC",
"url": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1"
},
{
"name": "https://github.com/CESNET/libyang/issues/740",
"refsource": "MISC",
"url": "https://github.com/CESNET/libyang/issues/740"
},
{
"name": "https://github.com/CESNET/libyang/commit/a1f17693904ed6fecc8902c747fc50a8f20e6af8",
"refsource": "MISC",
"url": "https://github.com/CESNET/libyang/commit/a1f17693904ed6fecc8902c747fc50a8f20e6af8"
},
{
"name": "[debian-lts-announce] 20230919 [SECURITY] [DLA 3572-1] libyang security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.16:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.16:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.16:r3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.13:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.13:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.12:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.12:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.11:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.11:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.14:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.15:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20396"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1"
},
{
"name": "https://github.com/CESNET/libyang/commit/a1f17693904ed6fecc8902c747fc50a8f20e6af8",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/CESNET/libyang/commit/a1f17693904ed6fecc8902c747fc50a8f20e6af8"
},
{
"name": "https://github.com/CESNET/libyang/issues/740",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/CESNET/libyang/issues/740"
},
{
"name": "[debian-lts-announce] 20230919 [SECURITY] [DLA 3572-1] libyang security update",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-09-19T22:15Z",
"publishedDate": "2020-01-22T22:15Z"
}
}
}
RHEA-2021:1906
Vulnerability from csaf_redhat - Published: 2021-05-18 15:04 - Updated: 2025-11-21 17:24Summary
Red Hat Enhancement Advisory: libyang bug fix and enhancement update
Notes
Topic
An update for libyang is now available for Red Hat Enterprise Linux 8.
Details
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.4 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libyang is now available for Red Hat Enterprise Linux 8.",
"title": "Topic"
},
{
"category": "general",
"text": "For detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.4 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHEA-2021:1906",
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/index"
},
{
"category": "external",
"summary": "1910046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1910046"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhea-2021_1906.json"
}
],
"title": "Red Hat Enhancement Advisory: libyang bug fix and enhancement update",
"tracking": {
"current_release_date": "2025-11-21T17:24:22+00:00",
"generator": {
"date": "2025-11-21T17:24:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHEA-2021:1906",
"initial_release_date": "2021-05-18T15:04:27+00:00",
"revision_history": [
{
"date": "2021-05-18T15:04:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-05-18T15:04:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:24:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.src",
"product": {
"name": "libyang-0:1.0.184-1.el8.src",
"product_id": "libyang-0:1.0.184-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.aarch64",
"product": {
"name": "libyang-0:1.0.184-1.el8.aarch64",
"product_id": "libyang-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.aarch64",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.aarch64",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "libyang-0:1.0.184-1.el8.ppc64le",
"product_id": "libyang-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.i686",
"product": {
"name": "libyang-0:1.0.184-1.el8.i686",
"product_id": "libyang-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.i686",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.i686",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.i686",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.i686",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.x86_64",
"product": {
"name": "libyang-0:1.0.184-1.el8.x86_64",
"product_id": "libyang-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.x86_64",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.x86_64",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.s390x",
"product": {
"name": "libyang-0:1.0.184-1.el8.s390x",
"product_id": "libyang-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.s390x",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.s390x",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64"
},
"product_reference": "libyang-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686"
},
"product_reference": "libyang-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "libyang-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x"
},
"product_reference": "libyang-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src"
},
"product_reference": "libyang-0:1.0.184-1.el8.src",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64"
},
"product_reference": "libyang-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-20391",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793934"
}
],
"notes": [
{
"category": "description",
"text": "An invalid memory access flaw occurs in libyang in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to process untrusted input YANG files may crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: invalid memory access in resolve_feature_value() when a if-feature is used inside a bit",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20391"
},
{
"category": "external",
"summary": "RHBZ#1793934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793934"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20391",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20391"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20391",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20391"
}
],
"release_date": "2019-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libyang: invalid memory access in resolve_feature_value() when a if-feature is used inside a bit"
},
{
"cve": "CVE-2019-20392",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793922"
}
],
"notes": [
{
"category": "description",
"text": "An invalid memory access flaw was discovered in libyang in the function resolve_feature_value() when an if-feature statement is used inside a list key node and the feature used is not defined. Applications that use libyang to process untrusted input YANG files may crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: invalid memory access when if-feature statement is used inside a list key node",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20392"
},
{
"category": "external",
"summary": "RHBZ#1793922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20392",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20392"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20392",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20392"
}
],
"release_date": "2019-03-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libyang: invalid memory access when if-feature statement is used inside a list key node"
},
{
"cve": "CVE-2019-20393",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793930"
}
],
"notes": [
{
"category": "description",
"text": "A double-free flaw occurs in libyang in function yyparse() when an empty description is used. Applications that use libyang to process untrusted input YANG files may be vulnerable to this flaw, possibly causing a crash or potential code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: double-free in function yyparse() when empty description is used",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20393"
},
{
"category": "external",
"summary": "RHBZ#1793930",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793930"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20393",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20393"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20393",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20393"
}
],
"release_date": "2019-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libyang: double-free in function yyparse() when empty description is used"
},
{
"cve": "CVE-2019-20394",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793932"
}
],
"notes": [
{
"category": "description",
"text": "A double-free flaw occurs in libyang in function yyparse() when a type statement is used in a notification statement. Applications that use libyang to process untrusted input YANG files may be vulnerable to this flaw, possibly causing a crash or potential code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: double-free in yyparse() when a type statement is used in a notification statement",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20394"
},
{
"category": "external",
"summary": "RHBZ#1793932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793932"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20394",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20394"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20394",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20394"
}
],
"release_date": "2019-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libyang: double-free in yyparse() when a type statement is used in a notification statement"
},
{
"cve": "CVE-2019-20395",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793924"
}
],
"notes": [
{
"category": "description",
"text": "A stack-overflow flaw was found in libyang due to a self-referential union type containing leafrefs. Applications that use libyang to process untrusted input YANG files may crash while processing malformed files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: stack-overflow when parsing yang files with self-referential union types",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20395"
},
{
"category": "external",
"summary": "RHBZ#1793924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793924"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20395",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20395"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20395",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20395"
}
],
"release_date": "2019-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libyang: stack-overflow when parsing yang files with self-referential union types"
},
{
"cve": "CVE-2019-20396",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793929"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer over-read flaw occurs in libyang in function lys_type_free() due to a malformed pattern statement value. Applications that use libyang to process untrusted input yang files may be vulnerable to this flaw, possibly causing a crash or information leaks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: heap-based buffer over-read in function lys_type_free() due to malformed pattern",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20396"
},
{
"category": "external",
"summary": "RHBZ#1793929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793929"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20396",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20396"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20396",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20396"
}
],
"release_date": "2019-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libyang: heap-based buffer over-read in function lys_type_free() due to malformed pattern"
},
{
"cve": "CVE-2019-20397",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793928"
}
],
"notes": [
{
"category": "description",
"text": "A double-free flaw occurs in libyang in function yparse() when an organization field is not terminated. Applications that use libyang to process untrusted input YANG files may be vulnerable to this flaw, possibly causing a crash or potential code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: double-free in yyparse() when organization field is not terminated",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20397"
},
{
"category": "external",
"summary": "RHBZ#1793928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20397",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20397"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20397",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20397"
}
],
"release_date": "2019-03-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libyang: double-free in yyparse() when organization field is not terminated"
},
{
"cve": "CVE-2019-20398",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793935"
}
],
"notes": [
{
"category": "description",
"text": "A NULL pointer dereference flaw occurs in libyang in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to process untrusted input YANG files may crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: NULL pointer dereference in function lys_extension_instances_free()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20398"
},
{
"category": "external",
"summary": "RHBZ#1793935",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793935"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20398",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20398"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20398",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20398"
}
],
"release_date": "2019-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libyang: NULL pointer dereference in function lys_extension_instances_free()"
}
]
}
RHEA-2021_1906
Vulnerability from csaf_redhat - Published: 2021-05-18 15:04 - Updated: 2024-11-22 16:19Summary
Red Hat Enhancement Advisory: libyang bug fix and enhancement update
Notes
Topic
An update for libyang is now available for Red Hat Enterprise Linux 8.
Details
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.4 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libyang is now available for Red Hat Enterprise Linux 8.",
"title": "Topic"
},
{
"category": "general",
"text": "For detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.4 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHEA-2021:1906",
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/index"
},
{
"category": "external",
"summary": "1910046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1910046"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhea-2021_1906.json"
}
],
"title": "Red Hat Enhancement Advisory: libyang bug fix and enhancement update",
"tracking": {
"current_release_date": "2024-11-22T16:19:32+00:00",
"generator": {
"date": "2024-11-22T16:19:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHEA-2021:1906",
"initial_release_date": "2021-05-18T15:04:27+00:00",
"revision_history": [
{
"date": "2021-05-18T15:04:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-05-18T15:04:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T16:19:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.src",
"product": {
"name": "libyang-0:1.0.184-1.el8.src",
"product_id": "libyang-0:1.0.184-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.aarch64",
"product": {
"name": "libyang-0:1.0.184-1.el8.aarch64",
"product_id": "libyang-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.aarch64",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.aarch64",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "libyang-0:1.0.184-1.el8.ppc64le",
"product_id": "libyang-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.i686",
"product": {
"name": "libyang-0:1.0.184-1.el8.i686",
"product_id": "libyang-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.i686",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.i686",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.i686",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.i686",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.x86_64",
"product": {
"name": "libyang-0:1.0.184-1.el8.x86_64",
"product_id": "libyang-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.x86_64",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.x86_64",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.s390x",
"product": {
"name": "libyang-0:1.0.184-1.el8.s390x",
"product_id": "libyang-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.s390x",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.s390x",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64"
},
"product_reference": "libyang-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686"
},
"product_reference": "libyang-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "libyang-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x"
},
"product_reference": "libyang-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src"
},
"product_reference": "libyang-0:1.0.184-1.el8.src",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64"
},
"product_reference": "libyang-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-20391",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793934"
}
],
"notes": [
{
"category": "description",
"text": "An invalid memory access flaw occurs in libyang in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to process untrusted input YANG files may crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: invalid memory access in resolve_feature_value() when a if-feature is used inside a bit",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20391"
},
{
"category": "external",
"summary": "RHBZ#1793934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793934"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20391",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20391"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20391",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20391"
}
],
"release_date": "2019-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libyang: invalid memory access in resolve_feature_value() when a if-feature is used inside a bit"
},
{
"cve": "CVE-2019-20392",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793922"
}
],
"notes": [
{
"category": "description",
"text": "An invalid memory access flaw was discovered in libyang in the function resolve_feature_value() when an if-feature statement is used inside a list key node and the feature used is not defined. Applications that use libyang to process untrusted input YANG files may crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: invalid memory access when if-feature statement is used inside a list key node",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20392"
},
{
"category": "external",
"summary": "RHBZ#1793922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20392",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20392"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20392",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20392"
}
],
"release_date": "2019-03-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libyang: invalid memory access when if-feature statement is used inside a list key node"
},
{
"cve": "CVE-2019-20393",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793930"
}
],
"notes": [
{
"category": "description",
"text": "A double-free flaw occurs in libyang in function yyparse() when an empty description is used. Applications that use libyang to process untrusted input YANG files may be vulnerable to this flaw, possibly causing a crash or potential code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: double-free in function yyparse() when empty description is used",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20393"
},
{
"category": "external",
"summary": "RHBZ#1793930",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793930"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20393",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20393"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20393",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20393"
}
],
"release_date": "2019-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libyang: double-free in function yyparse() when empty description is used"
},
{
"cve": "CVE-2019-20394",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793932"
}
],
"notes": [
{
"category": "description",
"text": "A double-free flaw occurs in libyang in function yyparse() when a type statement is used in a notification statement. Applications that use libyang to process untrusted input YANG files may be vulnerable to this flaw, possibly causing a crash or potential code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: double-free in yyparse() when a type statement is used in a notification statement",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20394"
},
{
"category": "external",
"summary": "RHBZ#1793932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793932"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20394",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20394"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20394",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20394"
}
],
"release_date": "2019-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libyang: double-free in yyparse() when a type statement is used in a notification statement"
},
{
"cve": "CVE-2019-20395",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793924"
}
],
"notes": [
{
"category": "description",
"text": "A stack-overflow flaw was found in libyang due to a self-referential union type containing leafrefs. Applications that use libyang to process untrusted input YANG files may crash while processing malformed files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: stack-overflow when parsing yang files with self-referential union types",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20395"
},
{
"category": "external",
"summary": "RHBZ#1793924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793924"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20395",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20395"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20395",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20395"
}
],
"release_date": "2019-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libyang: stack-overflow when parsing yang files with self-referential union types"
},
{
"cve": "CVE-2019-20396",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793929"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer over-read flaw occurs in libyang in function lys_type_free() due to a malformed pattern statement value. Applications that use libyang to process untrusted input yang files may be vulnerable to this flaw, possibly causing a crash or information leaks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: heap-based buffer over-read in function lys_type_free() due to malformed pattern",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20396"
},
{
"category": "external",
"summary": "RHBZ#1793929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793929"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20396",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20396"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20396",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20396"
}
],
"release_date": "2019-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libyang: heap-based buffer over-read in function lys_type_free() due to malformed pattern"
},
{
"cve": "CVE-2019-20397",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793928"
}
],
"notes": [
{
"category": "description",
"text": "A double-free flaw occurs in libyang in function yparse() when an organization field is not terminated. Applications that use libyang to process untrusted input YANG files may be vulnerable to this flaw, possibly causing a crash or potential code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: double-free in yyparse() when organization field is not terminated",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20397"
},
{
"category": "external",
"summary": "RHBZ#1793928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20397",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20397"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20397",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20397"
}
],
"release_date": "2019-03-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libyang: double-free in yyparse() when organization field is not terminated"
},
{
"cve": "CVE-2019-20398",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793935"
}
],
"notes": [
{
"category": "description",
"text": "A NULL pointer dereference flaw occurs in libyang in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to process untrusted input YANG files may crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: NULL pointer dereference in function lys_extension_instances_free()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20398"
},
{
"category": "external",
"summary": "RHBZ#1793935",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793935"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20398",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20398"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20398",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20398"
}
],
"release_date": "2019-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libyang: NULL pointer dereference in function lys_extension_instances_free()"
}
]
}
CNVD-2020-10247
Vulnerability from cnvd - Published: 2020-02-19
VLAI Severity ?
Title
libyang输入验证错误漏洞
Description
libyang是一款使用C语言编写的YANG数据建模语言解析器和工具包。
libyang v1.0-r1之前版本中的yyparse存在输入验证错误漏洞。该漏洞源于网络系统或产品未对输入的数据进行正确的验证。目前没有详细漏洞细节提供。
Severity
中
Patch Name
libyang输入验证错误漏洞的补丁
Patch Description
libyang是一款使用C语言编写的YANG数据建模语言解析器和工具包。
libyang v1.0-r1之前版本中的yyparse存在输入验证错误漏洞。该漏洞源于网络系统或产品未对输入的数据进行正确的验证。目前没有详细漏洞细节提供。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://github.com/CESNET/libyang/commit/a1f17693904ed6fecc8902c747fc50a8f20e6af8
Reference
https://github.com/CESNET/libyang/commit/a1f17693904ed6fecc8902c747fc50a8f20e6af8
Impacted products
| Name | libyang libyang <v1.0-r1 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-20396",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-20396"
}
},
"description": "libyang\u662f\u4e00\u6b3e\u4f7f\u7528C\u8bed\u8a00\u7f16\u5199\u7684YANG\u6570\u636e\u5efa\u6a21\u8bed\u8a00\u89e3\u6790\u5668\u548c\u5de5\u5177\u5305\u3002\n\nlibyang v1.0-r1\u4e4b\u524d\u7248\u672c\u4e2d\u7684yyparse\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u5bf9\u8f93\u5165\u7684\u6570\u636e\u8fdb\u884c\u6b63\u786e\u7684\u9a8c\u8bc1\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/CESNET/libyang/commit/a1f17693904ed6fecc8902c747fc50a8f20e6af8",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-10247",
"openTime": "2020-02-19",
"patchDescription": "libyang\u662f\u4e00\u6b3e\u4f7f\u7528C\u8bed\u8a00\u7f16\u5199\u7684YANG\u6570\u636e\u5efa\u6a21\u8bed\u8a00\u89e3\u6790\u5668\u548c\u5de5\u5177\u5305\u3002\r\n\r\nlibyang v1.0-r1\u4e4b\u524d\u7248\u672c\u4e2d\u7684yyparse\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u5bf9\u8f93\u5165\u7684\u6570\u636e\u8fdb\u884c\u6b63\u786e\u7684\u9a8c\u8bc1\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "libyang\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "libyang libyang \u003cv1.0-r1"
},
"referenceLink": "https://github.com/CESNET/libyang/commit/a1f17693904ed6fecc8902c747fc50a8f20e6af8",
"serverity": "\u4e2d",
"submitTime": "2020-02-18",
"title": "libyang\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}
GHSA-8WPF-H467-QVV5
Vulnerability from github – Published: 2022-05-24 17:07 – Updated: 2023-09-20 00:30
VLAI?
Details
A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing.
Severity ?
6.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2019-20396"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-01-22T22:15:00Z",
"severity": "MODERATE"
},
"details": "A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing.",
"id": "GHSA-8wpf-h467-qvv5",
"modified": "2023-09-20T00:30:15Z",
"published": "2022-05-24T17:07:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20396"
},
{
"type": "WEB",
"url": "https://github.com/CESNET/libyang/issues/740"
},
{
"type": "WEB",
"url": "https://github.com/CESNET/libyang/commit/a1f17693904ed6fecc8902c747fc50a8f20e6af8"
},
{
"type": "WEB",
"url": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…