
Juraj

#20005 of 53,625
13 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2020-1239
6.5
2020-01-22
Libyang · Libyang · CVE-2019-20395
**Name of the Vulnerable Software and Affected Versions**

libyang versions prior to 1.0-r1

**Description**

A stack consumption issue is present due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash.

**Recommendations**

For versions prior to 1.0-r1, update to version 1.0-r1 or later to resolve the issue. As a temporary workaround, consider restricting the parsing of untrusted input yang files until a patch is available. Avoid using libyang to parse potentially malicious yang files to minimize the risk of exploitation.
PT-2020-1240
6.5
2020-01-22
Libyang · Libyang · CVE-2019-20396
**Name of the Vulnerable Software and Affected Versions**

libyang versions prior to v1.0-r1

**Description**

A segmentation fault is present in yyparse due to a malformed pattern statement value during lys_parse_path parsing.

**Recommendations**

For versions prior to v1.0-r1, update to v1.0-r1 or later to resolve the issue. As a temporary workaround, consider restricting the input to lys_parse_path to prevent malformed pattern statement values.