Candidate: CVE-2021-28906
PublicDate: 2021-05-20 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28906
 https://github.com/CESNET/libyang/issues/1455
Description:
 In function read_yin_leaf() in libyang <= v1.0.225, it doesn't check
 whether the value of retval->ext[r] is NULL. In some cases, it can be NULL,
 which leads to the operation of retval->ext[r]->flags that results in a
 crash.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_libyang:
 upstream: https://github.com/CESNET/libyang/commit/a3917d95d516e3de267d3cfa5d4d3715a90e8777
upstream_libyang: released (1.0.240)
precise/esm_libyang: DNE
trusty_libyang: ignored (out of standard support)
trusty/esm_libyang: DNE
xenial_libyang: ignored (out of standard support)
bionic_libyang: DNE
focal_libyang: needed
groovy_libyang: ignored (reached end-of-life)
hirsute_libyang: ignored (reached end-of-life)
impish_libyang: needed
jammy_libyang: needed
devel_libyang: needed