CVE-2019-20392

An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash.

CVSS v3.0 6.5 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.5^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://github.com/CESNET/libyang/issues/723	Exploit Third Party Advisory
https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1	Third Party Advisory
https://github.com/CESNET/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5	Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1793922	Issue Tracking Patch Third Party Advisory

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cesnet:libyang:0.11:r1::::::
	cpe:2.3:a:cesnet:libyang:0.11:r2::::::
	cpe:2.3:a:cesnet:libyang:0.12:r1::::::
	cpe:2.3:a:cesnet:libyang:0.12:r2::::::
	cpe:2.3:a:cesnet:libyang:0.13:r1::::::
	cpe:2.3:a:cesnet:libyang:0.13:r2::::::
	cpe:2.3:a:cesnet:libyang:0.14:r1::::::
	cpe:2.3:a:cesnet:libyang:0.15:r1::::::
	cpe:2.3:a:cesnet:libyang:0.16:r1::::::
	cpe:2.3:a:cesnet:libyang:0.16:r2::::::
	cpe:2.3:a:cesnet:libyang:0.16:r3::::::

Information

Published : 2020-01-22 14:15

Updated : 2020-01-23 13:18

NVD link : CVE-2019-20392

Mitre link : CVE-2019-20392

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Advertisement

Products Affected

cesnet

libyang

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/CESNET/libyang/issues/723", "name": "https://github.com/CESNET/libyang/issues/723", "tags": ["Exploit", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1", "name": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://github.com/CESNET/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5", "name": "https://github.com/CESNET/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5", "tags": ["Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793922", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793922", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-20392", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}}, "publishedDate": "2020-01-22T22:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.11:r1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.11:r2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.12:r1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.12:r2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.13:r1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.13:r2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.14:r1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.15:r1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.16:r1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.16:r2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cesnet:libyang:0.16:r3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2020-01-23T21:18Z"}