Main Vulnerability Database Vulnerabilities #VU34866

#VU34866 Input validation error in libyang - CVE-2019-20396

Published: January 22, 2020 / Updated: August 8, 2020

Vulnerability identifier: #VU34866

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-20396

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
libyang

Software vendor:
CESNET

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing.

Install update from vendor's website.