Source: libyang2
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for libyang2.

CVE-2023-26917[0]:
| libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL
| pointer dereference via the function lysp_stmt_validate_value at
| lys_parse_mem.c.

https://github.com/CESNET/libyang/issues/1987
https://github.com/CESNET/libyang/commit/cfa1a965a429e4bfc5ae1539a8e87a9cf71c3090
 (v2.1.55)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-26917
    https://www.cve.org/CVERecord?id=CVE-2023-26917

Please adjust the affected versions in the BTS as needed.

Reply via email to