Michal Vasko

11 exploits Active since Dec 2019
CVE-2026-41401 WRITEUP MEDIUM WRITEUP
libyang - Heap Use-After-Free Write in XML Metadata Parsing
libyang before 5.2.6 contains a heap use-after-free write vulnerability in lyd_parser_set_data_flags that incorrectly updates metadata list pointers when freeing non-head default metadata entries. Attackers can trigger this vulnerability by submitting crafted YANG XML documents with specific metadata attributes to applications parsing untrusted XML data, causing process crashes or potential code execution.
CVSS 6.5
CVE-2019-19333 WRITEUP CRITICAL WRITEUP
libyang < 1.0-r5 - Stack-based Buffer Overflow in YANG File Parser
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.
CVSS 9.8
CVE-2019-19334 WRITEUP CRITICAL WRITEUP
libyang < 1.0-r5 - Stack-based Buffer Overflow in YANG Identityref Leaf Parsing
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.
CVSS 9.8
CVE-2019-20391 WRITEUP MEDIUM WRITEUP
libyang < 1.0-r3 - Denial of Service via if-feature Statement in Bit
An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to parse untrusted input yang files may crash.
CVSS 6.5
CVE-2019-20392 WRITEUP MEDIUM WRITEUP
libyang < 1.0-r1 - Denial of Service via Invalid Memory Access in resolve_feature_value()
An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash.
CVSS 6.5
CVE-2019-20393 WRITEUP HIGH WRITEUP
libyang < v1.0-r1 - Double Free in yyparse() via Empty Description
A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.
CVSS 8.8
CVE-2019-20394 WRITEUP HIGH WRITEUP
libyang < v1.0-r3 - Double Free in yyparse() via Type Statement in Notification
A double-free is present in libyang before v1.0-r3 in the function yyparse() when a type statement in used in a notification statement. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.
CVSS 8.8
CVE-2019-20395 WRITEUP MEDIUM WRITEUP
libyang <v1.0-r1 - Memory Corruption
A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash.
CVSS 6.5
CVE-2019-20396 WRITEUP MEDIUM WRITEUP
libyang - Denial of Service via Malformed Pattern Statement in lys_parse_path
A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing.
CVSS 6.5
CVE-2019-20397 WRITEUP HIGH WRITEUP
libyang < v1.0-r1 - Double Free in yyparse() via Unterminated Organization Field
A double-free is present in libyang before v1.0-r1 in the function yyparse() when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.
CVSS 8.8
CVE-2019-20398 WRITEUP MEDIUM WRITEUP
libyang < v1.0-r3 - Denial of Service via NULL Pointer Dereference in lys_extension_instances_free()
A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash.
CVSS 6.5