A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). lyxml_parse_elem() function will be called recursively, which will consume stack space and lead to crash.
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Libyang | Cesnet | * | 1.0.225 (including) |
Libyang | Ubuntu | esm-apps/focal | * |
Libyang | Ubuntu | esm-apps/jammy | * |
Libyang | Ubuntu | focal | * |
Libyang | Ubuntu | groovy | * |
Libyang | Ubuntu | hirsute | * |
Libyang | Ubuntu | impish | * |
Libyang | Ubuntu | jammy | * |
Libyang | Ubuntu | kinetic | * |
Libyang | Ubuntu | trusty | * |
Libyang | Ubuntu | upstream | * |
Libyang | Ubuntu | xenial | * |