SB2020012249 - Multiple vulnerabilities in CESNET libyang
Published: January 22, 2020 Updated: August 8, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2019-20392)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash.
2) Double Free (CVE-ID: CVE-2019-20393)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.
3) Resource exhaustion (CVE-ID: CVE-2019-20395)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash.
4) Input validation error (CVE-ID: CVE-2019-20396)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing.
5) Double Free (CVE-ID: CVE-2019-20397)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
A double-free is present in libyang before v1.0-r1 in the function yyparse() when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.
Remediation
Install update from vendor's website.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1793922
- https://github.com/CESNET/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5
- https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1
- https://github.com/CESNET/libyang/issues/723
- https://bugzilla.redhat.com/show_bug.cgi?id=1793930
- https://github.com/CESNET/libyang/commit/d9feacc4a590d35dbc1af21caf9080008b4450ed
- https://github.com/CESNET/libyang/issues/742
- https://bugzilla.redhat.com/show_bug.cgi?id=1793924
- https://github.com/CESNET/libyang/commit/4e610ccd87a2ba9413819777d508f71163fcc237
- https://github.com/CESNET/libyang/issues/724
- https://github.com/CESNET/libyang/commit/a1f17693904ed6fecc8902c747fc50a8f20e6af8
- https://github.com/CESNET/libyang/issues/740
- https://bugzilla.redhat.com/show_bug.cgi?id=1793928
- https://github.com/CESNET/libyang/commit/88bd6c548ba79bce176cd875e9b56e7e0ef4d8d4
- https://github.com/CESNET/libyang/issues/739