Vulnerability Description
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cesnet | Libyang | 0.11 |
| Redhat | Enterprise Linux | 8.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2019:4360
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19333Issue TrackingThird Party Advisory
- https://github.com/CESNET/libyang/commit/f6d684ade99dd37b21babaa8a856f64faa1e2e0PatchThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://access.redhat.com/errata/RHSA-2019:4360
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19333Issue TrackingThird Party Advisory
- https://github.com/CESNET/libyang/commit/f6d684ade99dd37b21babaa8a856f64faa1e2e0PatchThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
FAQ
What is CVE-2019-19333?
CVE-2019-19333 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrus...
How severe is CVE-2019-19333?
CVE-2019-19333 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-19333?
Check the references section above for vendor advisories and patch information. Affected products include: Cesnet Libyang, Redhat Enterprise Linux.