Libyang · Libyang · CVE-2019-20397
**Name of the Vulnerable Software and Affected Versions**
libyang versions prior to v1.0-r1
**Description**
A double-free issue is present in the `yyparse()` function when an organization field is not terminated, potentially causing a crash or code execution. This affects applications that use libyang to parse untrusted input yang files.
**Recommendations**
For versions prior to v1.0-r1, update to version v1.0-r1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `yyparse()` function when parsing untrusted input yang files until a patch is available.