CVE-2019-20394

Name of the Vulnerable Software and Affected Versions libyang versions prior to v1.0-r3

Description A double-free issue is present in the yyparse() function when a type statement is used in a notification statement. This affects applications that use libyang to parse untrusted input yang files, potentially causing a crash or code execution.

Recommendations For versions prior to v1.0-r3, update to version v1.0-r3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the yyparse() function when parsing untrusted input yang files until a patch is available.