CVE-2019-20398 (GCVE-0-2019-20398)
Vulnerability from cvelistv5 – Published: 2020-01-22 00:00 – Updated: 2024-08-05 02:39
Summary
A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.444Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/CESNET/libyang/compare/v1.0-r2...v1.0-r3"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/CESNET/libyang/commit/7852b272ef77f8098c35deea6c6f09cb78176f08"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/CESNET/libyang/issues/773"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793935"
},
{
"name": "[debian-lts-announce] 20230919 [SECURITY] [DLA 3572-1] libyang security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-19T21:06:19.867228",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/CESNET/libyang/compare/v1.0-r2...v1.0-r3"
},
{
"url": "https://github.com/CESNET/libyang/commit/7852b272ef77f8098c35deea6c6f09cb78176f08"
},
{
"url": "https://github.com/CESNET/libyang/issues/773"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793935"
},
{
"name": "[debian-lts-announce] 20230919 [SECURITY] [DLA 3572-1] libyang security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20398",
"datePublished": "2020-01-22T00:00:00",
"dateReserved": "2020-01-22T00:00:00",
"dateUpdated": "2024-08-05T02:39:09.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cesnet:libyang:0.11:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"65E91322-5F67-43C2-8112-5ECAEC2A3C12\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cesnet:libyang:0.11:r2:*:*:*:*:*:*\", \"matchCriteriaId\": \"80A88DE4-93F8-40C3-AA52-A5F353F028AA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cesnet:libyang:0.12:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"05C120CA-50EF-4B6D-92C9-ED736219DB07\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cesnet:libyang:0.12:r2:*:*:*:*:*:*\", \"matchCriteriaId\": \"99D1FA55-3F56-4E09-B41E-B05C199B96B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cesnet:libyang:0.13:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"35D48EC4-58D2-49C6-8049-920787733587\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cesnet:libyang:0.13:r2:*:*:*:*:*:*\", \"matchCriteriaId\": \"B57F3953-49D6-413C-A4AE-03125935FC77\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cesnet:libyang:0.14:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD62411F-A524-4E80-B540-780EA39CB6A4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cesnet:libyang:0.15:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"FEF091B1-978A-4881-B1FC-6848CD1A7BBF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cesnet:libyang:0.16:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C50D690-9A4D-4B78-BF4E-A4D9B4074216\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cesnet:libyang:0.16:r2:*:*:*:*:*:*\", \"matchCriteriaId\": \"124A5D30-7451-4516-9AA2-963AE62DD679\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cesnet:libyang:0.16:r3:*:*:*:*:*:*\", \"matchCriteriaId\": \"C260D13B-82E9-4596-9116-61073B42D661\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cesnet:libyang:1.0:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F8D5FC0-959E-4014-9CB7-91378CC8B2BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cesnet:libyang:1.0:r2:*:*:*:*:*:*\", 
\"matchCriteriaId\": \"DCBDA519-805B-4193-8092-75E2748A7BC3\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash.\"}, {\"lang\": \"es\", \"value\": \"Una desreferencia del puntero NULL est\\u00e1 presente en libyang versiones anteriores a v1.0-r3, en la funci\\u00f3n lys_extension_instances_free() debido a una copia de extensiones no resuelta en la funci\\u00f3n lys_restr_dup(). Las aplicaciones que usan libyang para analizar archivos de entrada yang no confiables pueden bloquearse.\"}]",
"id": "CVE-2019-20398",
"lastModified": "2024-11-21T04:38:23.490",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:P\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2020-01-22T22:15:10.627",
"references": "[{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1793935\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/CESNET/libyang/commit/7852b272ef77f8098c35deea6c6f09cb78176f08\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/CESNET/libyang/compare/v1.0-r2...v1.0-r3\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/CESNET/libyang/issues/773\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1793935\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/CESNET/libyang/commit/7852b272ef77f8098c35deea6c6f09cb78176f08\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/CESNET/libyang/compare/v1.0-r2...v1.0-r3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/CESNET/libyang/issues/773\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-476\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-20398\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-01-22T22:15:10.627\",\"lastModified\":\"2024-11-21T04:38:23.490\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash.\"},{\"lang\":\"es\",\"value\":\"Una desreferencia del puntero NULL est\u00e1 presente en libyang versiones anteriores a v1.0-r3, en la funci\u00f3n lys_extension_instances_free() debido a una copia de extensiones no resuelta en la funci\u00f3n lys_restr_dup(). Las aplicaciones que usan libyang para analizar archivos de entrada yang no confiables pueden bloquearse.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"
source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cesnet:libyang:0.11:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"65E91322-5F67-43C2-8112-5ECAEC2A3C12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cesnet:libyang:0.11:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"80A88DE4-93F8-40C3-AA52-A5F353F028AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cesnet:libyang:0.12:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"05C120CA-50EF-4B6D-92C9-ED736219DB07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cesnet:libyang:0.12:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"99D1FA55-3F56-4E09-B41E-B05C199B96B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cesnet:libyang:0.13:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"35D48EC4-58D2-49C6-8049-920787733587\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cesnet:libyang:0.13:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B57F3953-49D6-413C-A4AE-03125935FC77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cesnet:libyang:0.14:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD62411F-A524-4E80-B540-780EA39CB6A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cesnet:libyang:0.15:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEF091B1-978A-4881-B1FC-6848CD1A7BBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cesnet:libyang:0.16:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C50D690-9A4D-4B78-BF4E-A4D9B4074216\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cesnet:libyang:0.16:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"124A5D30-7451-4516-9AA2-963AE62DD679\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cesnet:libyang:0.16:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C260D13B-82E9-4596-9116-61073B42D661\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cesnet:libyang:1.0:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F8D5FC0-959E-4014-9CB7-91378CC8B2BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cesnet:libyang:1.0:r2:*:
*:*:*:*:*\",\"matchCriteriaId\":\"DCBDA519-805B-4193-8092-75E2748A7BC3\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1793935\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/CESNET/libyang/commit/7852b272ef77f8098c35deea6c6f09cb78176f08\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/CESNET/libyang/compare/v1.0-r2...v1.0-r3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/CESNET/libyang/issues/773\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1793935\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/CESNET/libyang/commit/7852b272ef77f8098c35deea6c6f09cb78176f08\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/CESNET/libyang/compare/v1.0-r2...v1.0-r3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/CESNET/libyang/issues/773\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CNVD-2020-10245
Vulnerability from cnvd - Published: 2020-02-19
Title
libyang lys_extension_instances_free() invalid memory reference vulnerability
Description
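libyang is a data modeling language library.
libyang's lys_extension_instances_free() has an invalid memory reference vulnerability. An attacker can exploit it by submitting a specially crafted file request and inducing a user to parse it, resulting in a denial-of-service attack.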
Severity
Medium
Patch Name
Patch for the libyang lys_extension_instances_free() invalid memory reference vulnerability
Patch Description
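libyang is a data modeling language library.
libyang's lys_extension_instances_free() has an invalid memory reference vulnerability. An attacker can exploit it by submitting a specially crafted file request and inducing a user to parse it, resulting in a denial-of-service attack. The vendor has since released a security advisory and related patch information that fix this vulnerability.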
Formal description
Users can refer to the following vendor-provided security patch to fix it: https://github.com/CESNET/libyang/commit/7852b272ef77f8098c35deea6c6f09cb78176f08
Reference
https://bugzilla.redhat.com/show_bug.cgi?id=1793935
Impacted products
| Name |
|---|
| libyang libyang < v1.0-r3 |
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-20398",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-20398"
}
},
"description": "libyang\u662f\u4e00\u79cd\u6570\u636e\u5efa\u6a21\u8bed\u8a00\u5e93\u3002\n\nlibyang lys_extension_instances_free()\u5b58\u5728\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u63d0\u4ea4\u7279\u6b8a\u7684\u6587\u4ef6\u8bf7\u6c42\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\uff1a\r\nhttps://github.com/CESNET/libyang/commit/7852b272ef77f8098c35deea6c6f09cb78176f08",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-10245",
"openTime": "2020-02-19",
"patchDescription": "libyang\u662f\u4e00\u79cd\u6570\u636e\u5efa\u6a21\u8bed\u8a00\u5e93\u3002\r\n\r\nlibyang lys_extension_instances_free()\u5b58\u5728\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u63d0\u4ea4\u7279\u6b8a\u7684\u6587\u4ef6\u8bf7\u6c42\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "libyang lys_extension_instances_free()\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "libyang libyang \u003c v1.0-r3"
},
"referenceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=1793935",
"serverity": "\u4e2d",
"submitTime": "2020-02-04",
"title": "libyang lys_extension_instances_free()\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e"
}
RHEA-2021:1906
Vulnerability from csaf_redhat - Published: 2021-05-18 15:04 - Updated: 2025-11-21 17:24
Summary
Red Hat Enhancement Advisory: libyang bug fix and enhancement update
Notes
Topic
An update for libyang is now available for Red Hat Enterprise Linux 8.
Details
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.4 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libyang is now available for Red Hat Enterprise Linux 8.",
"title": "Topic"
},
{
"category": "general",
"text": "For detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.4 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHEA-2021:1906",
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/index"
},
{
"category": "external",
"summary": "1910046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1910046"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhea-2021_1906.json"
}
],
"title": "Red Hat Enhancement Advisory: libyang bug fix and enhancement update",
"tracking": {
"current_release_date": "2025-11-21T17:24:22+00:00",
"generator": {
"date": "2025-11-21T17:24:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHEA-2021:1906",
"initial_release_date": "2021-05-18T15:04:27+00:00",
"revision_history": [
{
"date": "2021-05-18T15:04:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-05-18T15:04:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:24:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.src",
"product": {
"name": "libyang-0:1.0.184-1.el8.src",
"product_id": "libyang-0:1.0.184-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.aarch64",
"product": {
"name": "libyang-0:1.0.184-1.el8.aarch64",
"product_id": "libyang-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.aarch64",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.aarch64",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "libyang-0:1.0.184-1.el8.ppc64le",
"product_id": "libyang-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.i686",
"product": {
"name": "libyang-0:1.0.184-1.el8.i686",
"product_id": "libyang-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.i686",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.i686",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.i686",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.i686",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.x86_64",
"product": {
"name": "libyang-0:1.0.184-1.el8.x86_64",
"product_id": "libyang-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.x86_64",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.x86_64",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.s390x",
"product": {
"name": "libyang-0:1.0.184-1.el8.s390x",
"product_id": "libyang-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.s390x",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.s390x",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64"
},
"product_reference": "libyang-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686"
},
"product_reference": "libyang-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "libyang-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x"
},
"product_reference": "libyang-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src"
},
"product_reference": "libyang-0:1.0.184-1.el8.src",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64"
},
"product_reference": "libyang-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-20391",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793934"
}
],
"notes": [
{
"category": "description",
"text": "An invalid memory access flaw occurs in libyang in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to process untrusted input YANG files may crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: invalid memory access in resolve_feature_value() when a if-feature is used inside a bit",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20391"
},
{
"category": "external",
"summary": "RHBZ#1793934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793934"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20391",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20391"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20391",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20391"
}
],
"release_date": "2019-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libyang: invalid memory access in resolve_feature_value() when a if-feature is used inside a bit"
},
{
"cve": "CVE-2019-20392",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793922"
}
],
"notes": [
{
"category": "description",
"text": "An invalid memory access flaw was discovered in libyang in the function resolve_feature_value() when an if-feature statement is used inside a list key node and the feature used is not defined. Applications that use libyang to process untrusted input YANG files may crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: invalid memory access when if-feature statement is used inside a list key node",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20392"
},
{
"category": "external",
"summary": "RHBZ#1793922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20392",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20392"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20392",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20392"
}
],
"release_date": "2019-03-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libyang: invalid memory access when if-feature statement is used inside a list key node"
},
{
"cve": "CVE-2019-20393",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793930"
}
],
"notes": [
{
"category": "description",
"text": "A double-free flaw occurs in libyang in function yyparse() when an empty description is used. Applications that use libyang to process untrusted input YANG files may be vulnerable to this flaw, possibly causing a crash or potential code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: double-free in function yyparse() when empty description is used",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20393"
},
{
"category": "external",
"summary": "RHBZ#1793930",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793930"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20393",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20393"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20393",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20393"
}
],
"release_date": "2019-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libyang: double-free in function yyparse() when empty description is used"
},
{
"cve": "CVE-2019-20394",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793932"
}
],
"notes": [
{
"category": "description",
"text": "A double-free flaw occurs in libyang in function yyparse() when a type statement is used in a notification statement. Applications that use libyang to process untrusted input YANG files may be vulnerable to this flaw, possibly causing a crash or potential code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: double-free in yyparse() when a type statement is used in a notification statement",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20394"
},
{
"category": "external",
"summary": "RHBZ#1793932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793932"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20394",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20394"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20394",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20394"
}
],
"release_date": "2019-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libyang: double-free in yyparse() when a type statement is used in a notification statement"
},
{
"cve": "CVE-2019-20395",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793924"
}
],
"notes": [
{
"category": "description",
"text": "A stack-overflow flaw was found in libyang due to a self-referential union type containing leafrefs. Applications that use libyang to process untrusted input YANG files may crash while processing malformed files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: stack-overflow when parsing yang files with self-referential union types",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20395"
},
{
"category": "external",
"summary": "RHBZ#1793924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793924"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20395",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20395"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20395",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20395"
}
],
"release_date": "2019-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libyang: stack-overflow when parsing yang files with self-referential union types"
},
{
"cve": "CVE-2019-20396",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793929"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer over-read flaw occurs in libyang in function lys_type_free() due to a malformed pattern statement value. Applications that use libyang to process untrusted input YANG files may be vulnerable to this flaw, possibly causing a crash or information leaks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: heap-based buffer over-read in function lys_type_free() due to malformed pattern",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20396"
},
{
"category": "external",
"summary": "RHBZ#1793929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793929"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20396",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20396"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20396",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20396"
}
],
"release_date": "2019-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libyang: heap-based buffer over-read in function lys_type_free() due to malformed pattern"
},
{
"cve": "CVE-2019-20397",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793928"
}
],
"notes": [
{
"category": "description",
"text": "A double-free flaw occurs in libyang in function yyparse() when an organization field is not terminated. Applications that use libyang to process untrusted input YANG files may be vulnerable to this flaw, possibly causing a crash or potential code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: double-free in yyparse() when organization field is not terminated",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20397"
},
{
"category": "external",
"summary": "RHBZ#1793928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20397",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20397"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20397",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20397"
}
],
"release_date": "2019-03-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libyang: double-free in yyparse() when organization field is not terminated"
},
{
"cve": "CVE-2019-20398",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793935"
}
],
"notes": [
{
"category": "description",
"text": "A NULL pointer dereference flaw occurs in libyang in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to process untrusted input YANG files may crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: NULL pointer dereference in function lys_extension_instances_free()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20398"
},
{
"category": "external",
"summary": "RHBZ#1793935",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793935"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20398",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20398"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20398",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20398"
}
],
"release_date": "2019-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libyang: NULL pointer dereference in function lys_extension_instances_free()"
}
]
}
RHEA-2021_1906
Vulnerability from csaf_redhat - Published: 2021-05-18 15:04 - Updated: 2024-11-22 16:19
Summary
Red Hat Enhancement Advisory: libyang bug fix and enhancement update
Notes
Topic
An update for libyang is now available for Red Hat Enterprise Linux 8.
Details
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.4 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libyang is now available for Red Hat Enterprise Linux 8.",
"title": "Topic"
},
{
"category": "general",
"text": "For detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.4 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHEA-2021:1906",
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/index"
},
{
"category": "external",
"summary": "1910046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1910046"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhea-2021_1906.json"
}
],
"title": "Red Hat Enhancement Advisory: libyang bug fix and enhancement update",
"tracking": {
"current_release_date": "2024-11-22T16:19:32+00:00",
"generator": {
"date": "2024-11-22T16:19:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHEA-2021:1906",
"initial_release_date": "2021-05-18T15:04:27+00:00",
"revision_history": [
{
"date": "2021-05-18T15:04:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-05-18T15:04:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T16:19:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.src",
"product": {
"name": "libyang-0:1.0.184-1.el8.src",
"product_id": "libyang-0:1.0.184-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.aarch64",
"product": {
"name": "libyang-0:1.0.184-1.el8.aarch64",
"product_id": "libyang-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.aarch64",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.aarch64",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "libyang-0:1.0.184-1.el8.ppc64le",
"product_id": "libyang-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.i686",
"product": {
"name": "libyang-0:1.0.184-1.el8.i686",
"product_id": "libyang-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.i686",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.i686",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.i686",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.i686",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.x86_64",
"product": {
"name": "libyang-0:1.0.184-1.el8.x86_64",
"product_id": "libyang-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.x86_64",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.x86_64",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-1.el8.s390x",
"product": {
"name": "libyang-0:1.0.184-1.el8.s390x",
"product_id": "libyang-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-1.el8.s390x",
"product": {
"name": "libyang-debugsource-0:1.0.184-1.el8.s390x",
"product_id": "libyang-debugsource-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product_id": "libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product_id": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-1.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64"
},
"product_reference": "libyang-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686"
},
"product_reference": "libyang-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "libyang-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x"
},
"product_reference": "libyang-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src"
},
"product_reference": "libyang-0:1.0.184-1.el8.src",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64"
},
"product_reference": "libyang-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64"
},
"product_reference": "libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64"
},
"product_reference": "libyang-debugsource-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-20391",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793934"
}
],
"notes": [
{
"category": "description",
"text": "An invalid memory access flaw occurs in libyang in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to process untrusted input YANG files may crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: invalid memory access in resolve_feature_value() when a if-feature is used inside a bit",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20391"
},
{
"category": "external",
"summary": "RHBZ#1793934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793934"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20391",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20391"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20391",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20391"
}
],
"release_date": "2019-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libyang: invalid memory access in resolve_feature_value() when a if-feature is used inside a bit"
},
{
"cve": "CVE-2019-20392",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793922"
}
],
"notes": [
{
"category": "description",
"text": "An invalid memory access flaw was discovered in libyang in the function resolve_feature_value() when an if-feature statement is used inside a list key node and the feature used is not defined. Applications that use libyang to process untrusted input YANG files may crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: invalid memory access when if-feature statement is used inside a list key node",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20392"
},
{
"category": "external",
"summary": "RHBZ#1793922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20392",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20392"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20392",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20392"
}
],
"release_date": "2019-03-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libyang: invalid memory access when if-feature statement is used inside a list key node"
},
{
"cve": "CVE-2019-20393",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793930"
}
],
"notes": [
{
"category": "description",
"text": "A double-free flaw occurs in libyang in function yyparse() when an empty description is used. Applications that use libyang to process untrusted input YANG files may be vulnerable to this flaw, possibly causing a crash or potential code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: double-free in function yyparse() when empty description is used",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20393"
},
{
"category": "external",
"summary": "RHBZ#1793930",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793930"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20393",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20393"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20393",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20393"
}
],
"release_date": "2019-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libyang: double-free in function yyparse() when empty description is used"
},
{
"cve": "CVE-2019-20394",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793932"
}
],
"notes": [
{
"category": "description",
"text": "A double-free flaw occurs in libyang in function yyparse() when a type statement is used in a notification statement. Applications that use libyang to process untrusted input YANG files may be vulnerable to this flaw, possibly causing a crash or potential code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: double-free in yyparse() when a type statement is used in a notification statement",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20394"
},
{
"category": "external",
"summary": "RHBZ#1793932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793932"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20394",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20394"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20394",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20394"
}
],
"release_date": "2019-04-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libyang: double-free in yyparse() when a type statement is used in a notification statement"
},
{
"cve": "CVE-2019-20395",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793924"
}
],
"notes": [
{
"category": "description",
"text": "A stack-overflow flaw was found in libyang due to a self-referential union type containing leafrefs. Applications that use libyang to process untrusted input YANG files may crash while processing malformed files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: stack-overflow when parsing yang files with self-referential union types",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20395"
},
{
"category": "external",
"summary": "RHBZ#1793924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793924"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20395",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20395"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20395",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20395"
}
],
"release_date": "2019-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libyang: stack-overflow when parsing yang files with self-referential union types"
},
{
"cve": "CVE-2019-20396",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793929"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer over-read flaw occurs in libyang in function lys_type_free() due to a malformed pattern statement value. Applications that use libyang to process untrusted input yang files may be vulnerable to this flaw, possibly causing a crash or information leaks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: heap-based buffer over-read in function lys_type_free() due to malformed pattern",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20396"
},
{
"category": "external",
"summary": "RHBZ#1793929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793929"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20396",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20396"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20396",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20396"
}
],
"release_date": "2019-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libyang: heap-based buffer over-read in function lys_type_free() due to malformed pattern"
},
{
"cve": "CVE-2019-20397",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793928"
}
],
"notes": [
{
"category": "description",
"text": "A double-free flaw occurs in libyang in function yparse() when an organization field is not terminated. Applications that use libyang to process untrusted input YANG files may be vulnerable to this flaw, possibly causing a crash or potential code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: double-free in yyparse() when organization field is not terminated",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20397"
},
{
"category": "external",
"summary": "RHBZ#1793928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20397",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20397"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20397",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20397"
}
],
"release_date": "2019-03-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libyang: double-free in yyparse() when organization field is not terminated"
},
{
"cve": "CVE-2019-20398",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2020-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1793935"
}
],
"notes": [
{
"category": "description",
"text": "A NULL pointer dereference flaw occurs in libyang in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to process untrusted input YANG files may crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: NULL pointer dereference in function lys_extension_instances_free()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-20398"
},
{
"category": "external",
"summary": "RHBZ#1793935",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793935"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-20398",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20398"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20398",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20398"
}
],
"release_date": "2019-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-18T15:04:27+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHEA-2021:1906"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.src",
"AppStream-8.4.0.GA:libyang-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-cpp-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debuginfo-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:libyang-debugsource-0:1.0.184-1.el8.x86_64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.aarch64",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.i686",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.ppc64le",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.s390x",
"AppStream-8.4.0.GA:python3-libyang-debuginfo-0:1.0.184-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libyang: NULL pointer dereference in function lys_extension_instances_free()"
}
]
}
FKIE_CVE-2019-20398
Vulnerability from fkie_nvd - Published: 2020-01-22 22:15 - Updated: 2024-11-21 04:38
Summary
A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.11:r1:*:*:*:*:*:*",
"matchCriteriaId": "65E91322-5F67-43C2-8112-5ECAEC2A3C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.11:r2:*:*:*:*:*:*",
"matchCriteriaId": "80A88DE4-93F8-40C3-AA52-A5F353F028AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.12:r1:*:*:*:*:*:*",
"matchCriteriaId": "05C120CA-50EF-4B6D-92C9-ED736219DB07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.12:r2:*:*:*:*:*:*",
"matchCriteriaId": "99D1FA55-3F56-4E09-B41E-B05C199B96B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.13:r1:*:*:*:*:*:*",
"matchCriteriaId": "35D48EC4-58D2-49C6-8049-920787733587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.13:r2:*:*:*:*:*:*",
"matchCriteriaId": "B57F3953-49D6-413C-A4AE-03125935FC77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.14:r1:*:*:*:*:*:*",
"matchCriteriaId": "DD62411F-A524-4E80-B540-780EA39CB6A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.15:r1:*:*:*:*:*:*",
"matchCriteriaId": "FEF091B1-978A-4881-B1FC-6848CD1A7BBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.16:r1:*:*:*:*:*:*",
"matchCriteriaId": "0C50D690-9A4D-4B78-BF4E-A4D9B4074216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.16:r2:*:*:*:*:*:*",
"matchCriteriaId": "124A5D30-7451-4516-9AA2-963AE62DD679",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:0.16:r3:*:*:*:*:*:*",
"matchCriteriaId": "C260D13B-82E9-4596-9116-61073B42D661",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:1.0:r1:*:*:*:*:*:*",
"matchCriteriaId": "5F8D5FC0-959E-4014-9CB7-91378CC8B2BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cesnet:libyang:1.0:r2:*:*:*:*:*:*",
"matchCriteriaId": "DCBDA519-805B-4193-8092-75E2748A7BC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash."
},
{
"lang": "es",
"value": "Una desreferencia del puntero NULL est\u00e1 presente en libyang versiones anteriores a v1.0-r3, en la funci\u00f3n lys_extension_instances_free() debido a una copia de extensiones no resuelta en la funci\u00f3n lys_restr_dup(). Las aplicaciones que usan libyang para analizar archivos de entrada yang no confiables pueden bloquearse."
}
],
"id": "CVE-2019-20398",
"lastModified": "2024-11-21T04:38:23.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-22T22:15:10.627",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793935"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/CESNET/libyang/commit/7852b272ef77f8098c35deea6c6f09cb78176f08"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/CESNET/libyang/compare/v1.0-r2...v1.0-r3"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/CESNET/libyang/issues/773"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793935"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/CESNET/libyang/commit/7852b272ef77f8098c35deea6c6f09cb78176f08"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/CESNET/libyang/compare/v1.0-r2...v1.0-r3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/CESNET/libyang/issues/773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2019-20398
Vulnerability from gsd - Updated: 2023-12-13 01:23
Details
A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash.
Aliases
{
"GSD": {
"alias": "CVE-2019-20398",
"description": "A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash.",
"id": "GSD-2019-20398",
"references": [
"https://www.suse.com/security/cve/CVE-2019-20398.html",
"https://access.redhat.com/errata/RHEA-2021:1906"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-20398"
],
"details": "A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash.",
"id": "GSD-2019-20398",
"modified": "2023-12-13T01:23:43.036837Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/CESNET/libyang/compare/v1.0-r2...v1.0-r3",
"refsource": "MISC",
"url": "https://github.com/CESNET/libyang/compare/v1.0-r2...v1.0-r3"
},
{
"name": "https://github.com/CESNET/libyang/commit/7852b272ef77f8098c35deea6c6f09cb78176f08",
"refsource": "MISC",
"url": "https://github.com/CESNET/libyang/commit/7852b272ef77f8098c35deea6c6f09cb78176f08"
},
{
"name": "https://github.com/CESNET/libyang/issues/773",
"refsource": "MISC",
"url": "https://github.com/CESNET/libyang/issues/773"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793935",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793935"
},
{
"name": "[debian-lts-announce] 20230919 [SECURITY] [DLA 3572-1] libyang security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:1.0:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:1.0:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.16:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.16:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.16:r3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.13:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.13:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.12:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.12:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.11:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.11:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.14:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.15:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20398"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/CESNET/libyang/commit/7852b272ef77f8098c35deea6c6f09cb78176f08",
"refsource": "MISC",
"tags": [
"Patch"
],
"url": "https://github.com/CESNET/libyang/commit/7852b272ef77f8098c35deea6c6f09cb78176f08"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793935",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793935"
},
{
"name": "https://github.com/CESNET/libyang/compare/v1.0-r2...v1.0-r3",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/CESNET/libyang/compare/v1.0-r2...v1.0-r3"
},
{
"name": "https://github.com/CESNET/libyang/issues/773",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/CESNET/libyang/issues/773"
},
{
"name": "[debian-lts-announce] 20230919 [SECURITY] [DLA 3572-1] libyang security update",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-09-19T22:15Z",
"publishedDate": "2020-01-22T22:15Z"
}
}
}
GHSA-Q259-QJ8C-5R52
Vulnerability from github – Published: 2022-05-24 17:07 – Updated: 2023-09-20 00:30
Details
A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash.
Severity: 6.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2019-20398"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-01-22T22:15:00Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash.",
"id": "GHSA-q259-qj8c-5r52",
"modified": "2023-09-20T00:30:15Z",
"published": "2022-05-24T17:07:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20398"
},
{
"type": "WEB",
"url": "https://github.com/CESNET/libyang/issues/773"
},
{
"type": "WEB",
"url": "https://github.com/CESNET/libyang/commit/7852b272ef77f8098c35deea6c6f09cb78176f08"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793935"
},
{
"type": "WEB",
"url": "https://github.com/CESNET/libyang/compare/v1.0-r2...v1.0-r3"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.