Vulnerabilities > CVE-2023-26916 - NULL Pointer Dereference vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
LOW Summary
libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 | |
| OS | 2 |
Common Weakness Enumeration (CWE)
References
- https://github.com/CESNET/libyang/issues/1979
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6NQZHCJG3SBMFOQNIPRZGKDK3ARHLTTB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2VWGCMYKQH4BTFEHX5VYEXXOPIKKFHS/