CVE-2023-26916 — NULL Pointer Dereference in Libyang

Severity

5.3MEDIUMNVD

EPSS

0.3%

top 46.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedApr 3

Latest updateSep 16

Description

libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

▶debiandebian/libyang< libyang 3.4.2+dfsg-2 (forky)

▶debiandebian/libyang2< libyang 3.4.2+dfsg-2 (forky)

▶Debiancesnet/libyang< 3.4.2+dfsg-2+1

▶NVDcesnet/libyang2.0.164 — 2.1.30

Also affects: Fedora 36, 37

GHSA

GHSA-rgjq-f6gr-756j: libyang from v2↗2023-04-04

▶

OSV

CVE-2023-26916: libyang from v2↗2023-04-03

▶

Ubuntu

libyang vulnerabilities↗2025-09-16

▶

Microsoft

libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c.↗2023-04-11

▶

Red Hat

libyang: NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c↗2023-04-03

▶

Debian

CVE-2023-26916: libyang - libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer derefe...↗2023

▶