Debian Libyang2 vulnerabilities

7 known vulnerabilities affecting debian/libyang2.

Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 6, MEDIUM 1

Vulnerabilities

CVE-2023-26917 [HIGH, CVSS 7.5] (2023), fixed in libyang 3.4.2+dfsg-2 (forky)
libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lysp_stmt_validate_value at lys_parse_mem.c.
Scope: local
bullseye: open; forky: resolved (fixed in 3.4.2+dfsg-2); sid: resolved (fixed in 3.4.2+dfsg-2); trixie: resolved (fixed in 3.4.2+dfsg-2)
CVE-2023-26916 [MEDIUM, CVSS 5.3] (2023), fixed in libyang 3.4.2+dfsg-2 (forky)
libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c.
Scope: local
bullseye: open; forky: resolved (fixed in 3.4.2+dfsg-2); sid: resolved (fixed in 3.4.2+dfsg-2); trixie: resolved (fixed in 3.4.2+dfsg-2)
CVE-2021-28905 [HIGH, CVSS 7.5] (2021), fixed in libyang 3.4.2+dfsg-2 (forky)
In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL. But in some cases, node->module can be null, which triggers a reachable assertion (CWE-617).
Scope: local
bullseye: open; forky: resolved (fixed in 3.4.2+dfsg-2); sid: resolved (fixed in 3.4.2+dfsg-2); trixie: resolved (fixed in 3.4.2+dfsg-2)
CVE-2021-28902 [HIGH, CVSS 7.5] (2021), fixed in libyang 3.4.2+dfsg-2 (forky)
In function read_yin_container() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash.
Scope: local
bullseye: open; forky: resolved (fixed in 3.4.2+dfsg-2); sid: resolved (fixed in 3.4.2+dfsg-2); trixie: resolved (fixed in 3.4.2+dfsg-2)
CVE-2021-28906 [HIGH, CVSS 7.5] (2021), fixed in libyang 3.4.2+dfsg-2 (forky)
In function read_yin_leaf() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash.
Scope: local
bullseye: open; forky: resolved (fixed in 3.4.2+dfsg-2); sid: resolved (fixed in 3.4.2+dfsg-2); trixie: resolved (fixed in 3.4.2+dfsg-2)
CVE-2021-28904 [HIGH, CVSS 7.5] (2021), fixed in libyang 3.4.2+dfsg-2 (forky)
In function ext_get_plugin() in libyang <= v1.0.225, it doesn't check whether the value of revision is NULL. If revision is NULL, the operation of strcmp(revision, ext_plugins[u].revision) will lead to a crash.
Scope: local
bullseye: open; forky: resolved (fixed in 3.4.2+dfsg-2); sid: resolved (fixed in 3.4.2+dfsg-2); trixie: resolved (fixed in 3.4.2+dfsg-2)
CVE-2021-28903 [HIGH, CVSS 7.5] (2021), fixed in libyang 3.4.2+dfsg-2 (forky)
A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). lyxml_parse_elem() function will be called recursively, which will consume stack space and lead to crash.
Scope: local
bullseye: open; forky: resolved (fixed in 3.4.2+dfsg-2); sid: resolved (fixed in 3.4.2+dfsg-2); trixie: resolved (fixed in 3.4.2+dfsg-2)