NULL pointer dereference in libyang

#VU34868 NULL pointer dereference in libyang

Published: 2020-01-22 | Updated: 2021-10-08

Vulnerability identifier: #VU34868

Vulnerability risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-20398

CWE-ID: CWE-476

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libyang
Universal components / Libraries / Libraries used by multiple products

Vendor: CESNET

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash. A remote attacker can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

libyang: 0.11 - 1.0

External links
http://bugzilla.redhat.com/show_bug.cgi?id=1793935
http://github.com/CESNET/libyang/commit/7852b272ef77f8098c35deea6c6f09cb78176f08
http://github.com/CESNET/libyang/compare/v1.0-r2...v1.0-r3
http://github.com/CESNET/libyang/issues/773

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Dell Networking OS10

Red Hat Enterprise Linux 8 update for libyang

Multiple vulnerabilities in CESNET libyang