PYSEC-2020-187

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/libyang/PYSEC-2020-187.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2020-187

Withdrawn

2023-03-14T07:01:09.415821Z

Published

2020-01-22T22:15:00Z

Modified

2023-03-14T07:01:09.415821Z

Summary

[none]

Details

A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash.

References

https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1
https://github.com/CESNET/libyang/issues/724
https://github.com/CESNET/libyang/commit/4e610ccd87a2ba9413819777d508f71163fcc237
https://bugzilla.redhat.com/show_bug.cgi?id=1793924

PYSEC-2020-187

Affected packages