Invalid Memory Access Vulnerability in libyang resolve_feature_value() Function

Invalid Memory Access Vulnerability in libyang resolve_feature_value() Function

CVE-2019-20392 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash.

Learn more about our Web Application Penetration Testing UK.