libyang-1.0.184-2.el8_10.ML.1
エラータID: AXSA:2026-777:01
Libyang is YANG data modeling language parser and toolkit written (and providing API) in C.
Security Fix(es):
* libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob (CVE-2026-44673)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2026-44673
libyang is a YANG data modeling language library. Prior to SO 5.2.15, lyb_read_string() in src/parser_lyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciously crafted LYB binary blob. An attacker who can supply LYB data to any libyang consumer (NETCONF server, sysrepo, etc.) can trigger a crash or potential heap corruption. This vulnerability is fixed in SO 5.2.15.
Update packages.
libyang is a YANG data modeling language library. Prior to SO 5.2.15, lyb_read_string() in src/parser_lyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciously crafted LYB binary blob. An attacker who can supply LYB data to any libyang consumer (NETCONF server, sysrepo, etc.) can trigger a crash or potential heap corruption. This vulnerability is fixed in SO 5.2.15.
N/A
SRPMS
- libyang-1.0.184-2.el8_10.ML.1.src.rpm
MD5: d4d00e698e28cd04017561a74c4c5cc5
SHA-256: 1c90975419371182b8d17ba84806f6e4818397757e46d70e69faa98750179e67
Size: 1.57 MB
Asianux Server 8 for x86_64
- libyang-1.0.184-2.el8_10.ML.1.i686.rpm
MD5: 972c77b026680750ee908a8653a85747
SHA-256: 92de83efd3f4e49fee37121e4a7a2865d926ea724d9fe301791053f92a43e918
Size: 509.17 kB - libyang-1.0.184-2.el8_10.ML.1.x86_64.rpm
MD5: 9bd18055ed8e5918324e6001e8bfc3c6
SHA-256: e55edd0fc2bb99baebbbf2a6b81e23226f6373ff4e03ed508463326e718bede1
Size: 478.88 kB