CVE-2019-19333 HIGH

CVE-2019-19333

Vendor Red Hat
Product libyang
Weakness CWE-121
Published December 6, 2019
Last update August 5, 2024

CVSS base score

8.1/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.

Key dates

02Disclosure timeline

December 6, 2019 CVE published
August 5, 2024 Record updated