{"id":"CVE-2019-20391","details":"An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to parse untrusted input yang files may crash.","modified":"2026-04-11T09:39:52.436592Z","published":"2020-01-22T22:15:10.080Z","references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html"},{"type":"ADVISORY","url":"https://github.com/CESNET/libyang/compare/v1.0-r2...v1.0-r3"},{"type":"FIX","url":"https://github.com/CESNET/libyang/commit/bdb596ddc07596fa212f231135b87d0b9178f6f8"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1793934"},{"type":"EVIDENCE","url":"https://github.com/CESNET/libyang/issues/772"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cesnet/libyang","events":[{"introduced":"0"},{"last_affected":"14a95280b2bd77b5fd1d9b5f8af71b15679f1a8f"},{"introduced":"0"},{"last_affected":"ebcf465b4250c869eeb727e64b0caa419ba15465"},{"introduced":"0"},{"last_affected":"4ebd79ec4fc92f7989e45532abc55ef6593b60aa"},{"introduced":"0"},{"last_affected":"7e811613b335afc8e1b2c0ee77e7b3f371bc9175"},{"introduced":"0"},{"last_affected":"ca88008d7068eaefd9cc04b18a523283dae3561e"},{"introduced":"0"},{"last_affected":"0ee330494a94ada40da59ad6037fd3138fe8ec9a"},{"introduced":"0"},{"last_affected":"5ccd6dea3eb7256dbc835507d7253eb5596c31b2"},{"introduced":"0"},{"last_affected":"054ed1fcd480dc4130d98206548c8fe1ac512356"},{"introduced":"0"},{"last_affected":"13b20f94f080cc493b3fd22604d0635585194231"},{"introduced":"0"},{"last_affected":"2ec826a984204d034f43a7ad72d835bc99974ede"},{"introduced":"0"},{"last_affected":"9e316f344e73316bf058ef88bd5ba852ad65ba25"},{"introduced":"0"},{"last_affected":"a3e312c65573d90dd5bedf0744e473a9bbd2ece3"},{"introduced":"0"},{"last_affected":"347246611b85e05d16f54faaa5697c4b2ee4b468"},{"fixed":"bdb596ddc07596fa212f231135b87d0b9178f6f8"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.11-r1"},{"introduced":"0"},{"last_affected":"0.11-r2"},{"introduced":"0"},{"last_affected":"0.12-r1"},{"introduced":"0"},{"last_affected":"0.12-r2"},{"introduced":"0"},{"last_affected":"0.13-r1"},{"introduced":"0"},{"last_affected":"0.13-r2"},{"introduced":"0"},{"last_affected":"0.14-r1"},{"introduced":"0"},{"last_affected":"0.15-r1"},{"introduced":"0"},{"last_affected":"0.16-r1"},{"introduced":"0"},{"last_affected":"0.16-r2"},{"introduced":"0"},{"last_affected":"0.16-r3"},{"introduced":"0"},{"last_affected":"1.0-r1"},{"introduced":"0"},{"last_affected":"1.0-r2"}]}}],"versions":["v0.11-r1","v0.11-r2","v0.12-r1","v0.12-r2","v0.13-r1","v0.13-r2","v0.14-r1","v0.15-r1","v0.16-r1","v0.16-r2","v0.16-r3","v1.0-r1","v1.0-r2"],"database_specific":{"vanir_signatures":[{"signature_type":"Line","signature_version":"v1","target":{"file":"src/resolve.c"},"source":"https://github.com/cesnet/libyang/commit/bdb596ddc07596fa212f231135b87d0b9178f6f8","digest":{"threshold":0.9,"line_hashes":["155430779242861446466177299443060400718","15933832550298970296093717907452545562","210533867413985869976612204320521306275","217119053337116050957207098743507905420"]},"id":"CVE-2019-20391-16593093","deprecated":false},{"signature_type":"Function","signature_version":"v1","target":{"function":"resolve_iffeature","file":"src/resolve.c"},"source":"https://github.com/cesnet/libyang/commit/bdb596ddc07596fa212f231135b87d0b9178f6f8","digest":{"function_hash":"144887731380011650420799519691260820041","length":143},"id":"CVE-2019-20391-9d460c02","deprecated":false}],"vanir_signatures_modified":"2026-04-11T09:39:52Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-20391.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}