An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node and the feature it refers to is not defined. Applications that use libyang to parse untrusted YANG input files may crash.
[
{
"signature_type": "Line",
"target": {
"file": "src/tree_internal.h"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"153002500423798434256592701584245625463",
"230614830459831309431581078566189452272",
"270973861011249829838003646989904623610",
"148657964967570686949299799845810273179",
"257659658612003441551797041979747112217"
]
},
"id": "CVE-2019-20392-032a276a",
"source": "https://github.com/cesnet/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5"
},
{
"signature_type": "Function",
"target": {
"function": "lyd_new_yangdata",
"file": "src/tree_data.c"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 658.0,
"function_hash": "59104920717271573034795326211912967008"
},
"id": "CVE-2019-20392-1951f31b",
"source": "https://github.com/cesnet/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5"
},
{
"signature_type": "Function",
"target": {
"function": "lyd_new",
"file": "src/tree_data.c"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 624.0,
"function_hash": "122236524139901627952942428461825117349"
},
"id": "CVE-2019-20392-7f66e1f9",
"source": "https://github.com/cesnet/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5"
},
{
"signature_type": "Function",
"target": {
"function": "resolve_list_keys",
"file": "src/resolve.c"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 1505.0,
"function_hash": "57052246400986240294450456389561567888"
},
"id": "CVE-2019-20392-90ac78de",
"source": "https://github.com/cesnet/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5"
},
{
"signature_type": "Function",
"target": {
"function": "lyd_new_anydata",
"file": "src/tree_data.c"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 611.0,
"function_hash": "187590895897927979670393245606269578600"
},
"id": "CVE-2019-20392-9448a57e",
"source": "https://github.com/cesnet/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5"
},
{
"signature_type": "Function",
"target": {
"function": "lyd_new_output_anydata",
"file": "src/tree_data.c"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 611.0,
"function_hash": "204286570847905701609976863284017896093"
},
"id": "CVE-2019-20392-962a5d69",
"source": "https://github.com/cesnet/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5"
},
{
"signature_type": "Line",
"target": {
"file": "src/tree_data.c"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"321325470471087745242311288612032237358",
"56477959894432327662330507575327822819",
"53404165965557677183984291584300438482",
"271057890279561772190694269287218803445",
"306250846510245806449103643624440870868",
"45196027690109702854929066173998056955",
"55192732760628959106392687531181296118",
"316499779196054505278354666682740257131",
"165092681096174009704981897216533908279",
"81670330197492541712634698495065547077",
"123388074370574693039497351523872459089",
"54676762953646895315479720753943744797",
"238764938177065892686943584493549413735",
"245218462282638934395814115927369703723",
"125668014696491015217885674604179728911",
"313040288249818402581341811310372731022",
"321325470471087745242311288612032237358",
"56477959894432327662330507575327822819",
"53404165965557677183984291584300438482",
"271057890279561772190694269287218803445",
"306250846510245806449103643624440870868",
"45196027690109702854929066173998056955",
"55192732760628959106392687531181296118",
"316499779196054505278354666682740257131",
"165092681096174009704981897216533908279",
"81670330197492541712634698495065547077",
"123388074370574693039497351523872459089",
"54676762953646895315479720753943744797",
"230057388760933413550921968297649941014",
"320076485189318407780215182679474077876",
"70278170345059972295009906076420928262",
"211733341214040470307084349578988748206"
]
},
"id": "CVE-2019-20392-aa4e95ea",
"source": "https://github.com/cesnet/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5"
},
{
"signature_type": "Function",
"target": {
"function": "lyd_new_leaf",
"file": "src/tree_data.c"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 622.0,
"function_hash": "114802227195512835173326309507133879899"
},
"id": "CVE-2019-20392-b5040d99",
"source": "https://github.com/cesnet/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5"
},
{
"signature_type": "Function",
"target": {
"function": "lyd_new_output_leaf",
"file": "src/tree_data.c"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 622.0,
"function_hash": "164266810528397342352146474051971536506"
},
"id": "CVE-2019-20392-ccbf8f8c",
"source": "https://github.com/cesnet/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5"
},
{
"signature_type": "Function",
"target": {
"function": "lyd_new_output",
"file": "src/tree_data.c"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 624.0,
"function_hash": "228488513980899824368525078319399997149"
},
"id": "CVE-2019-20392-d3fdd596",
"source": "https://github.com/cesnet/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5"
},
{
"signature_type": "Function",
"target": {
"function": "lys_getnext_data",
"file": "src/tree_schema.c"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 714.0,
"function_hash": "57829431738036421082182047656068015947"
},
"id": "CVE-2019-20392-e175b3b0",
"source": "https://github.com/cesnet/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5"
},
{
"signature_type": "Line",
"target": {
"file": "src/resolve.c"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"301083763695685425972847294016431004979",
"210458590891657111559610829966846006069",
"15576116880097838804817988465904177720",
"207103289855468977022175404121393741526",
"33213091629819581431056391363718183242",
"140307323188134758435499197304213981010",
"164036938917007446127986822134950420670",
"234680713329600261993262436518060424716",
"225815452451362738509091908457938952003",
"37122003908092904473215613234915913806",
"277170383410592903311965170110004644053",
"108043387628562309678135878036510854571"
]
},
"id": "CVE-2019-20392-e2f71428",
"source": "https://github.com/cesnet/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5"
},
{
"signature_type": "Function",
"target": {
"function": "resolve_schema_leafref_predicate",
"file": "src/resolve.c"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 2595.0,
"function_hash": "114798472255238706783513339068407806635"
},
"id": "CVE-2019-20392-e50b6f12",
"source": "https://github.com/cesnet/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5"
},
{
"signature_type": "Function",
"target": {
"function": "lyd_dup_to_ctx",
"file": "src/tree_data.c"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 3174.0,
"function_hash": "333075831465526990775069479674520315558"
},
"id": "CVE-2019-20392-ee5d3f07",
"source": "https://github.com/cesnet/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5"
},
{
"signature_type": "Line",
"target": {
"file": "src/tree_schema.c"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"322287222846338707854596842130787799252",
"305851520901855814207703427485776693859",
"143168878008050025730951350250954976421",
"283311210623711391377559075215145741240",
"71688971604327333584151666155381498755",
"119357412104916274344613699507877729234",
"232262246563263944549808674222602446354",
"277467676394665399045161204069479551377"
]
},
"id": "CVE-2019-20392-f2040b03",
"source": "https://github.com/cesnet/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5"
}
]