#VU34861 Buffer overflow in libyang - CVE-2019-20391

Cybersecurity Help s.r.o.

Published: 2020-01-22 | Updated: 2020-08-08

Vulnerability identifier: #VU34861

Vulnerability risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-20391

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libyang
Universal components / Libraries / Libraries used by multiple products

Vendor: CESNET

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to parse untrusted input yang files may crash.

Mitigation
Install update from vendor's website.

Vulnerable software versions

libyang: 0.11 - 1.0

External links
https://bugzilla.redhat.com/show_bug.cgi?id=1793934
https://github.com/CESNET/libyang/commit/bdb596ddc07596fa212f231135b87d0b9178f6f8
https://github.com/CESNET/libyang/compare/v1.0-r2...v1.0-r3
https://github.com/CESNET/libyang/issues/772

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

PowerProtect Data Protection software update for third-party components

Multiple vulnerabilities in Dell SmartFabric OS10

Multiple vulnerabilities in Dell Networking OS10

Red Hat Enterprise Linux 8 update for libyang

Multiple vulnerabilities in CESNET libyang