{"id":"CVE-2019-20392","details":"An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input YANG files may crash.","modified":"2026-04-11T09:40:04.681952Z","published":"2020-01-22T22:15:10.143Z","references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00019.html"},{"type":"ADVISORY","url":"https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1793922"},{"type":"FIX","url":"https://github.com/CESNET/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5"},{"type":"EVIDENCE","url":"https://github.com/CESNET/libyang/issues/723"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cesnet/libyang","events":[{"introduced":"0"},{"last_affected":"14a95280b2bd77b5fd1d9b5f8af71b15679f1a8f"},{"introduced":"0"},{"last_affected":"ebcf465b4250c869eeb727e64b0caa419ba15465"},{"introduced":"0"},{"last_affected":"4ebd79ec4fc92f7989e45532abc55ef6593b60aa"},{"introduced":"0"},{"last_affected":"7e811613b335afc8e1b2c0ee77e7b3f371bc9175"},{"introduced":"0"},{"last_affected":"ca88008d7068eaefd9cc04b18a523283dae3561e"},{"introduced":"0"},{"last_affected":"0ee330494a94ada40da59ad6037fd3138fe8ec9a"},{"introduced":"0"},{"last_affected":"5ccd6dea3eb7256dbc835507d7253eb5596c31b2"},{"introduced":"0"},{"last_affected":"054ed1fcd480dc4130d98206548c8fe1ac512356"},{"introduced":"0"},{"last_affected":"13b20f94f080cc493b3fd22604d0635585194231"},{"introduced":"0"},{"last_affected":"2ec826a984204d034f43a7ad72d835bc99974ede"},{"introduced":"0"},{"last_affected":"9e316f344e73316bf058ef88bd5ba852ad65ba25"},{"fixed":"32fb4993bc8bb49e93e84016af3c10ea53964be5"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.11-r1"},{"introduced":"0"},{"last_affected":"0.11-r2"},{"int
roduced":"0"},{"last_affected":"0.12-r1"},{"introduced":"0"},{"last_affected":"0.12-r2"},{"introduced":"0"},{"last_affected":"0.13-r1"},{"introduced":"0"},{"last_affected":"0.13-r2"},{"introduced":"0"},{"last_affected":"0.14-r1"},{"introduced":"0"},{"last_affected":"0.15-r1"},{"introduced":"0"},{"last_affected":"0.16-r1"},{"introduced":"0"},{"last_affected":"0.16-r2"},{"introduced":"0"},{"last_affected":"0.16-r3"}]}}],"versions":["v0.11-r1","v0.11-r2","v0.12-r1","v0.12-r2","v0.13-r1","v0.13-r2","v0.14-r1","v0.15-r1","v0.16-r1","v0.16-r2","v0.16-r3"],"database_specific":{"vanir_signatures":[{"id":"CVE-2019-20392-032a276a","signature_type":"Line","deprecated":false,"source":"https://github.com/cesnet/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5","digest":{"threshold":0.9,"line_hashes":["153002500423798434256592701584245625463","230614830459831309431581078566189452272","270973861011249829838003646989904623610","148657964967570686949299799845810273179","257659658612003441551797041979747112217"]},"target":{"file":"src/tree_internal.h"},"signature_version":"v1"},{"id":"CVE-2019-20392-1951f31b","signature_type":"Function","deprecated":false,"source":"https://github.com/cesnet/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5","digest":{"function_hash":"59104920717271573034795326211912967008","length":658},"target":{"function":"lyd_new_yangdata","file":"src/tree_data.c"},"signature_version":"v1"},{"id":"CVE-2019-20392-7f66e1f9","signature_type":"Function","deprecated":false,"source":"https://github.com/cesnet/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5","digest":{"function_hash":"122236524139901627952942428461825117349","length":624},"target":{"function":"lyd_new","file":"src/tree_data.c"},"signature_version":"v1"},{"id":"CVE-2019-20392-90ac78de","signature_type":"Function","deprecated":false,"source":"https://github.com/cesnet/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5","digest":{"function_hash":"57052246400986240294450456389561567
888","length":1505},"target":{"function":"resolve_list_keys","file":"src/resolve.c"},"signature_version":"v1"},{"id":"CVE-2019-20392-9448a57e","signature_type":"Function","deprecated":false,"source":"https://github.com/cesnet/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5","digest":{"function_hash":"187590895897927979670393245606269578600","length":611},"target":{"function":"lyd_new_anydata","file":"src/tree_data.c"},"signature_version":"v1"},{"id":"CVE-2019-20392-962a5d69","signature_type":"Function","deprecated":false,"source":"https://github.com/cesnet/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5","digest":{"function_hash":"204286570847905701609976863284017896093","length":611},"target":{"function":"lyd_new_output_anydata","file":"src/tree_data.c"},"signature_version":"v1"},{"id":"CVE-2019-20392-aa4e95ea","signature_type":"Line","deprecated":false,"source":"https://github.com/cesnet/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5","digest":{"threshold":0.9,"line_hashes":["321325470471087745242311288612032237358","56477959894432327662330507575327822819","53404165965557677183984291584300438482","271057890279561772190694269287218803445","306250846510245806449103643624440870868","45196027690109702854929066173998056955","55192732760628959106392687531181296118","316499779196054505278354666682740257131","165092681096174009704981897216533908279","81670330197492541712634698495065547077","123388074370574693039497351523872459089","54676762953646895315479720753943744797","238764938177065892686943584493549413735","245218462282638934395814115927369703723","125668014696491015217885674604179728911","313040288249818402581341811310372731022","321325470471087745242311288612032237358","56477959894432327662330507575327822819","53404165965557677183984291584300438482","271057890279561772190694269287218803445","306250846510245806449103643624440870868","45196027690109702854929066173998056955","55192732760628959106392687531181296118","31649977919605450527835466
6682740257131","165092681096174009704981897216533908279","81670330197492541712634698495065547077","123388074370574693039497351523872459089","54676762953646895315479720753943744797","230057388760933413550921968297649941014","320076485189318407780215182679474077876","70278170345059972295009906076420928262","211733341214040470307084349578988748206"]},"target":{"file":"src/tree_data.c"},"signature_version":"v1"},{"id":"CVE-2019-20392-b5040d99","signature_type":"Function","deprecated":false,"source":"https://github.com/cesnet/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5","digest":{"function_hash":"114802227195512835173326309507133879899","length":622},"target":{"function":"lyd_new_leaf","file":"src/tree_data.c"},"signature_version":"v1"},{"id":"CVE-2019-20392-ccbf8f8c","signature_type":"Function","deprecated":false,"source":"https://github.com/cesnet/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5","digest":{"function_hash":"164266810528397342352146474051971536506","length":622},"target":{"function":"lyd_new_output_leaf","file":"src/tree_data.c"},"signature_version":"v1"},{"id":"CVE-2019-20392-d3fdd596","signature_type":"Function","deprecated":false,"source":"https://github.com/cesnet/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5","digest":{"function_hash":"228488513980899824368525078319399997149","length":624},"target":{"function":"lyd_new_output","file":"src/tree_data.c"},"signature_version":"v1"},{"id":"CVE-2019-20392-e175b3b0","signature_type":"Function","deprecated":false,"source":"https://github.com/cesnet/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5","digest":{"function_hash":"57829431738036421082182047656068015947","length":714},"target":{"function":"lys_getnext_data","file":"src/tree_schema.c"},"signature_version":"v1"},{"id":"CVE-2019-20392-e2f71428","signature_type":"Line","deprecated":false,"source":"https://github.com/cesnet/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5","digest":{"threshold":0.9,"line_hashes
":["301083763695685425972847294016431004979","210458590891657111559610829966846006069","15576116880097838804817988465904177720","207103289855468977022175404121393741526","33213091629819581431056391363718183242","140307323188134758435499197304213981010","164036938917007446127986822134950420670","234680713329600261993262436518060424716","225815452451362738509091908457938952003","37122003908092904473215613234915913806","277170383410592903311965170110004644053","108043387628562309678135878036510854571"]},"target":{"file":"src/resolve.c"},"signature_version":"v1"},{"id":"CVE-2019-20392-e50b6f12","signature_type":"Function","deprecated":false,"source":"https://github.com/cesnet/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5","digest":{"function_hash":"114798472255238706783513339068407806635","length":2595},"target":{"function":"resolve_schema_leafref_predicate","file":"src/resolve.c"},"signature_version":"v1"},{"id":"CVE-2019-20392-ee5d3f07","signature_type":"Function","deprecated":false,"source":"https://github.com/cesnet/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5","digest":{"function_hash":"333075831465526990775069479674520315558","length":3174},"target":{"function":"lyd_dup_to_ctx","file":"src/tree_data.c"},"signature_version":"v1"},{"id":"CVE-2019-20392-f2040b03","signature_type":"Line","deprecated":false,"source":"https://github.com/cesnet/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5","digest":{"threshold":0.9,"line_hashes":["322287222846338707854596842130787799252","305851520901855814207703427485776693859","143168878008050025730951350250954976421","283311210623711391377559075215145741240","71688971604327333584151666155381498755","119357412104916274344613699507877729234","232262246563263944549808674222602446354","277467676394665399045161204069479551377"]},"target":{"file":"src/tree_schema.c"},"signature_version":"v1"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-20392.json","vanir_signatures_modifie
d":"2026-04-11T09:40:04Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}