Bugzilla – Bug 1161657
VUL-0: CVE-2019-20397: libyang: double-free in yyparse() when organization field is not terminated
Last modified: 2020-02-19 20:14:05 UTC
A double-free is present in libyang up to version v1.0-r1 in function yyparse() when an organization field is not terminated. Applications that use libyang to parse untrusted input YANG files may be vulnerable to this flaw, which would cause a crash or potentially code execution.
I have made an SR to update the package to the latest version 1.0.130.