CVE-2023-26916

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-26916
libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c.

5.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://github.com/CESNET/libyang/issues/1979 Issue Tracking Third Party Advisory
https://github.com/CESNET/libyang/issues/1979 Issue Tracking Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6NQZHCJG3SBMFOQNIPRZGKDK3ARHLTTB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6NQZHCJG3SBMFOQNIPRZGKDK3ARHLTTB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2VWGCMYKQH4BTFEHX5VYEXXOPIKKFHS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2VWGCMYKQH4BTFEHX5VYEXXOPIKKFHS/
Configurations

Configuration 1 (hide)

cpe:2.3:a:cesnet:libyang:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
History

18 Feb 2025, 15:15

Type Values Removed Values Added
References (MISC) https://github.com/CESNET/libyang/issues/1979 - Issue Tracking, Third Party Advisory () https://github.com/CESNET/libyang/issues/1979 - Issue Tracking, Third Party Advisory

07 Nov 2023, 04:09

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.5 		v2 : unknown
v3 : 5.3
First Time Fedoraproject fedora
Fedoraproject
CPE cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2VWGCMYKQH4BTFEHX5VYEXXOPIKKFHS/', 'name': 'FEDORA-2023-9887f01975', 'tags': [], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6NQZHCJG3SBMFOQNIPRZGKDK3ARHLTTB/', 'name': 'FEDORA-2023-17aaa2187f', 'tags': [], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6NQZHCJG3SBMFOQNIPRZGKDK3ARHLTTB/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2VWGCMYKQH4BTFEHX5VYEXXOPIKKFHS/ -

14 Apr 2023, 03:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6NQZHCJG3SBMFOQNIPRZGKDK3ARHLTTB/ -
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2VWGCMYKQH4BTFEHX5VYEXXOPIKKFHS/ -

09 Apr 2023, 02:38

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
CPE cpe:2.3:a:cesnet:libyang:*:*:*:*:*:*:*:*
CWE CWE-476
First Time Cesnet libyang
Cesnet
References (MISC) https://github.com/CESNET/libyang/issues/1979 - (MISC) https://github.com/CESNET/libyang/issues/1979 - Issue Tracking, Third Party Advisory

03 Apr 2023, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-04-03 22:15

Updated : 2025-02-18 17:15

NVD link : CVE-2023-26916

Mitre link : CVE-2023-26916

JSON object : View

Products Affected

cesnet

  • libyang

fedoraproject

  • fedora
CWE
CWE-476

NULL Pointer Dereference