SB2021052044 - Multiple vulnerabilities in libyang
Published: May 20, 2021 Updated: July 26, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Unchecked Return Value (CVE-ID: CVE-2021-28902)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an unchecked return value in the "read_yin_container()" function. A remote attacker can run a specially crafted program to cause a denial of service condition.
2) Unchecked Return Value (CVE-ID: CVE-2021-28906)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an unchecked return value in the "read_yin_leaf()" function. A remote attacker can run a specially crafted program to cause a denial of service condition.
3) Reachable Assertion (CVE-ID: CVE-2021-28905)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion in the "lys_node_free()" function. A remote attacker can cause a denial of service condition on the target system.
4) Unchecked Return Value (CVE-ID: CVE-2021-28904)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an unchecked return value in the "ext_get_plugin()" function. A remote attacker can run a specially crafted program to cause a denial of service condition.
5) Uncontrolled Recursion (CVE-ID: CVE-2021-28903)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an uncontrolled recursion in the "lyxml_parse_elem()" function. A remote attacker can cause a denial of service condition on the target system.
Remediation
Install update from vendor's website.