Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-44673 (GCVE-0-2026-44673)
Vulnerability from cvelistv5 – Published: 2026-05-14 20:35 – Updated: 2026-05-15 14:19
VLAI
EPSS
Title
libyang: lyb_read_string() integer overflow → heap buffer overflow
Summary
libyang is a YANG data modeling language library. Prior to SO 5.2.15, lyb_read_string() in src/parser_lyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciously crafted LYB binary blob. An attacker who can supply LYB data to any libyang consumer (NETCONF server, sysrepo, etc.) can trigger a crash or potential heap corruption. This vulnerability is fixed in SO 5.2.15.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/CESNET/libyang/security/adviso… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44673",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T14:18:31.145491Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T14:19:01.227Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/CESNET/libyang/security/advisories/GHSA-vw2p-pq79-92xh"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libyang",
"vendor": "CESNET",
"versions": [
{
"status": "affected",
"version": "\u003c SO 5.2.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libyang is a YANG data modeling language library. Prior to SO 5.2.15, lyb_read_string() in src/parser_lyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciously crafted LYB binary blob. An attacker who can supply LYB data to any libyang consumer (NETCONF server, sysrepo, etc.) can trigger a crash or potential heap corruption. This vulnerability is fixed in SO 5.2.15."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T20:35:13.963Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/CESNET/libyang/security/advisories/GHSA-vw2p-pq79-92xh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/CESNET/libyang/security/advisories/GHSA-vw2p-pq79-92xh"
}
],
"source": {
"advisory": "GHSA-vw2p-pq79-92xh",
"discovery": "UNKNOWN"
},
"title": "libyang: lyb_read_string() integer overflow \u2192 heap buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44673",
"datePublished": "2026-05-14T20:35:13.963Z",
"dateReserved": "2026-05-07T16:20:08.659Z",
"dateUpdated": "2026-05-15T14:19:01.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-44673",
"date": "2026-06-16",
"epss": "0.00273",
"percentile": "0.1882"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-44673\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-05-14T21:16:47.500\",\"lastModified\":\"2026-05-15T15:16:53.830\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"libyang is a YANG data modeling language library. Prior to SO 5.2.15, lyb_read_string() in src/parser_lyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciously crafted LYB binary blob. An attacker who can supply LYB data to any libyang consumer (NETCONF server, sysrepo, etc.) can trigger a crash or potential heap corruption. This vulnerability is fixed in SO 5.2.15.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"references\":[{\"url\":\"https://github.com/CESNET/libyang/security/advisories/GHSA-vw2p-pq79-92xh\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/CESNET/libyang/security/advisories/GHSA-vw2p-pq79-92xh\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-44673\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-15T14:18:31.145491Z\"}}}], \"references\": [{\"url\": \"https://github.com/CESNET/libyang/security/advisories/GHSA-vw2p-pq79-92xh\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-15T14:18:56.857Z\"}}], \"cna\": {\"title\": \"libyang: lyb_read_string() integer overflow \\u2192 heap buffer overflow\", \"source\": {\"advisory\": \"GHSA-vw2p-pq79-92xh\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"CESNET\", \"product\": \"libyang\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c SO 5.2.15\"}]}], \"references\": [{\"url\": \"https://github.com/CESNET/libyang/security/advisories/GHSA-vw2p-pq79-92xh\", \"name\": \"https://github.com/CESNET/libyang/security/advisories/GHSA-vw2p-pq79-92xh\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"libyang is a YANG data modeling language library. Prior to SO 5.2.15, lyb_read_string() in src/parser_lyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciously crafted LYB binary blob. An attacker who can supply LYB data to any libyang consumer (NETCONF server, sysrepo, etc.) can trigger a crash or potential heap corruption. This vulnerability is fixed in SO 5.2.15.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-190\", \"description\": \"CWE-190: Integer Overflow or Wraparound\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-05-14T20:35:13.963Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-44673\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-15T14:19:01.227Z\", \"dateReserved\": \"2026-05-07T16:20:08.659Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-05-14T20:35:13.963Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
alsa-2026:24545
Vulnerability from osv_almalinux
Published
2026-06-08 00:00
Modified
2026-06-09 09:03
Summary
Important: libyang security update
Details
Libyang is YANG data modeling language parser and toolkit written (and providing API) in C.
Security Fix(es):
- libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob (CVE-2026-44673)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libyang"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.184-2.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Libyang is YANG data modeling language parser and toolkit written (and providing API) in C. \n\nSecurity Fix(es): \n\n * libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob (CVE-2026-44673)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:24545",
"modified": "2026-06-09T09:03:59Z",
"published": "2026-06-08T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:24545"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-44673"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2477617"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2026-24545.html"
}
],
"related": [
"CVE-2026-44673"
],
"summary": "Important: libyang security update"
}
FKIE_CVE-2026-44673
Vulnerability from fkie_nvd - Published: 2026-05-14 21:16 - Updated: 2026-05-15 15:16
Severity
Summary
libyang is a YANG data modeling language library. Prior to SO 5.2.15, lyb_read_string() in src/parser_lyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciously crafted LYB binary blob. An attacker who can supply LYB data to any libyang consumer (NETCONF server, sysrepo, etc.) can trigger a crash or potential heap corruption. This vulnerability is fixed in SO 5.2.15.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libyang is a YANG data modeling language library. Prior to SO 5.2.15, lyb_read_string() in src/parser_lyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciously crafted LYB binary blob. An attacker who can supply LYB data to any libyang consumer (NETCONF server, sysrepo, etc.) can trigger a crash or potential heap corruption. This vulnerability is fixed in SO 5.2.15."
}
],
"id": "CVE-2026-44673",
"lastModified": "2026-05-15T15:16:53.830",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-05-14T21:16:47.500",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/CESNET/libyang/security/advisories/GHSA-vw2p-pq79-92xh"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"url": "https://github.com/CESNET/libyang/security/advisories/GHSA-vw2p-pq79-92xh"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
MSRC_CVE-2026-44673
Vulnerability from csaf_microsoft - Published: 2026-05-02 00:00 - Updated: 2026-05-23 01:44Summary
libyang: lyb_read_string() integer overflow → heap buffer overflow
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2026-44673 libyang: lyb_read_string() integer overflow \u2192 heap buffer overflow - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-44673.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "libyang: lyb_read_string() integer overflow \u2192 heap buffer overflow",
"tracking": {
"current_release_date": "2026-05-23T01:44:35.000Z",
"generator": {
"date": "2026-05-23T07:14:23.772Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2026-44673",
"initial_release_date": "2026-05-02T00:00:00.000Z",
"revision_history": [
{
"date": "2026-05-16T01:03:48.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-05-23T01:44:35.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 libyang 0:2.1.148-1.azl3",
"product": {
"name": "\u003cazl3 libyang 0:2.1.148-1.azl3",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 libyang 0:2.1.148-1.azl3",
"product": {
"name": "azl3 libyang 0:2.1.148-1.azl3",
"product_id": "21339"
}
}
],
"category": "product_name",
"name": "libyang"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 libyang 0:2.1.148-1.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 libyang 0:2.1.148-1.azl3 as a component of Azure Linux 3.0",
"product_id": "21339-17084"
},
"product_reference": "21339",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44673",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "general",
"text": "GitHub_M",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"21339-17084"
],
"known_affected": [
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-44673 libyang: lyb_read_string() integer overflow \u2192 heap buffer overflow - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-44673.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-16T01:03:48.000Z",
"details": "0:2.1.148-2.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"17084-1"
]
}
],
"title": "libyang: lyb_read_string() integer overflow \u2192 heap buffer overflow"
}
]
}
RHSA-2026:24545
Vulnerability from csaf_redhat - Published: 2026-06-08 18:39 - Updated: 2026-06-10 15:51Summary
Red Hat Security Advisory: libyang security update
Severity
Important
Notes
Topic: An update for libyang is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Libyang is YANG data modeling language parser and toolkit written (and providing API) in C.
Security Fix(es):
* libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob (CVE-2026-44673)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in libyang, a YANG data modeling language library. An integer overflow in the `lyb_read_string()` function can lead to a heap buffer overflow when parsing a maliciously crafted LYB binary blob. A remote attacker, by supplying this malicious LYB data to any libyang consumer (such as a NETCONF server), could trigger a crash, resulting in a denial of service (DoS), or potentially achieve arbitrary code execution through heap corruption.
7.5 (High)
Affected products
Fixed
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libyang-cpp-debuginfo-0:1.0.184-2.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libyang-cpp-debuginfo-0:1.0.184-2.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libyang-cpp-debuginfo-0:1.0.184-2.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libyang-cpp-debuginfo-0:1.0.184-2.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libyang-cpp-debuginfo-0:1.0.184-2.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libyang-debuginfo-0:1.0.184-2.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libyang-debuginfo-0:1.0.184-2.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libyang-debuginfo-0:1.0.184-2.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libyang-debuginfo-0:1.0.184-2.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libyang-debuginfo-0:1.0.184-2.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libyang-debugsource-0:1.0.184-2.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libyang-debugsource-0:1.0.184-2.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libyang-debugsource-0:1.0.184-2.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libyang-debugsource-0:1.0.184-2.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:libyang-debugsource-0:1.0.184-2.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-libyang-debuginfo-0:1.0.184-2.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-libyang-debuginfo-0:1.0.184-2.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-libyang-debuginfo-0:1.0.184-2.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-libyang-debuginfo-0:1.0.184-2.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:python3-libyang-debuginfo-0:1.0.184-2.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libyang is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Libyang is YANG data modeling language parser and toolkit written (and providing API) in C.\n\nSecurity Fix(es):\n\n* libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob (CVE-2026-44673)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:24545",
"url": "https://access.redhat.com/errata/RHSA-2026:24545"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2477617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477617"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_24545.json"
}
],
"title": "Red Hat Security Advisory: libyang security update",
"tracking": {
"current_release_date": "2026-06-10T15:51:33+00:00",
"generator": {
"date": "2026-06-10T15:51:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2026:24545",
"initial_release_date": "2026-06-08T18:39:17+00:00",
"revision_history": [
{
"date": "2026-06-08T18:39:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-08T18:39:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-10T15:51:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-2.el8_10.src",
"product": {
"name": "libyang-0:1.0.184-2.el8_10.src",
"product_id": "libyang-0:1.0.184-2.el8_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-2.el8_10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-2.el8_10.aarch64",
"product": {
"name": "libyang-0:1.0.184-2.el8_10.aarch64",
"product_id": "libyang-0:1.0.184-2.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-2.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-2.el8_10.aarch64",
"product": {
"name": "libyang-debugsource-0:1.0.184-2.el8_10.aarch64",
"product_id": "libyang-debugsource-0:1.0.184-2.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-2.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-2.el8_10.aarch64",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-2.el8_10.aarch64",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-2.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-2.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-2.el8_10.aarch64",
"product": {
"name": "libyang-debuginfo-0:1.0.184-2.el8_10.aarch64",
"product_id": "libyang-debuginfo-0:1.0.184-2.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-2.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-2.el8_10.aarch64",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-2.el8_10.aarch64",
"product_id": "python3-libyang-debuginfo-0:1.0.184-2.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-2.el8_10?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-2.el8_10.ppc64le",
"product": {
"name": "libyang-0:1.0.184-2.el8_10.ppc64le",
"product_id": "libyang-0:1.0.184-2.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-2.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-2.el8_10.ppc64le",
"product": {
"name": "libyang-debugsource-0:1.0.184-2.el8_10.ppc64le",
"product_id": "libyang-debugsource-0:1.0.184-2.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-2.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-2.el8_10.ppc64le",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-2.el8_10.ppc64le",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-2.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-2.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-2.el8_10.ppc64le",
"product": {
"name": "libyang-debuginfo-0:1.0.184-2.el8_10.ppc64le",
"product_id": "libyang-debuginfo-0:1.0.184-2.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-2.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-2.el8_10.ppc64le",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-2.el8_10.ppc64le",
"product_id": "python3-libyang-debuginfo-0:1.0.184-2.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-2.el8_10?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-2.el8_10.i686",
"product": {
"name": "libyang-0:1.0.184-2.el8_10.i686",
"product_id": "libyang-0:1.0.184-2.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-2.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-2.el8_10.i686",
"product": {
"name": "libyang-debugsource-0:1.0.184-2.el8_10.i686",
"product_id": "libyang-debugsource-0:1.0.184-2.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-2.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-2.el8_10.i686",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-2.el8_10.i686",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-2.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-2.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-2.el8_10.i686",
"product": {
"name": "libyang-debuginfo-0:1.0.184-2.el8_10.i686",
"product_id": "libyang-debuginfo-0:1.0.184-2.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-2.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-2.el8_10.i686",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-2.el8_10.i686",
"product_id": "python3-libyang-debuginfo-0:1.0.184-2.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-2.el8_10?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-2.el8_10.x86_64",
"product": {
"name": "libyang-0:1.0.184-2.el8_10.x86_64",
"product_id": "libyang-0:1.0.184-2.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-2.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-2.el8_10.x86_64",
"product": {
"name": "libyang-debugsource-0:1.0.184-2.el8_10.x86_64",
"product_id": "libyang-debugsource-0:1.0.184-2.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-2.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-2.el8_10.x86_64",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-2.el8_10.x86_64",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-2.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-2.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-2.el8_10.x86_64",
"product": {
"name": "libyang-debuginfo-0:1.0.184-2.el8_10.x86_64",
"product_id": "libyang-debuginfo-0:1.0.184-2.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-2.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-2.el8_10.x86_64",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-2.el8_10.x86_64",
"product_id": "python3-libyang-debuginfo-0:1.0.184-2.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-2.el8_10?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:1.0.184-2.el8_10.s390x",
"product": {
"name": "libyang-0:1.0.184-2.el8_10.s390x",
"product_id": "libyang-0:1.0.184-2.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@1.0.184-2.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:1.0.184-2.el8_10.s390x",
"product": {
"name": "libyang-debugsource-0:1.0.184-2.el8_10.s390x",
"product_id": "libyang-debugsource-0:1.0.184-2.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@1.0.184-2.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-cpp-debuginfo-0:1.0.184-2.el8_10.s390x",
"product": {
"name": "libyang-cpp-debuginfo-0:1.0.184-2.el8_10.s390x",
"product_id": "libyang-cpp-debuginfo-0:1.0.184-2.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-cpp-debuginfo@1.0.184-2.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:1.0.184-2.el8_10.s390x",
"product": {
"name": "libyang-debuginfo-0:1.0.184-2.el8_10.s390x",
"product_id": "libyang-debuginfo-0:1.0.184-2.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@1.0.184-2.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3-libyang-debuginfo-0:1.0.184-2.el8_10.s390x",
"product": {
"name": "python3-libyang-debuginfo-0:1.0.184-2.el8_10.s390x",
"product_id": "python3-libyang-debuginfo-0:1.0.184-2.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-libyang-debuginfo@1.0.184-2.el8_10?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-2.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.aarch64"
},
"product_reference": "libyang-0:1.0.184-2.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-2.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.i686"
},
"product_reference": "libyang-0:1.0.184-2.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-2.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.ppc64le"
},
"product_reference": "libyang-0:1.0.184-2.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-2.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.s390x"
},
"product_reference": "libyang-0:1.0.184-2.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-2.el8_10.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.src"
},
"product_reference": "libyang-0:1.0.184-2.el8_10.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:1.0.184-2.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.x86_64"
},
"product_reference": "libyang-0:1.0.184-2.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-2.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libyang-cpp-debuginfo-0:1.0.184-2.el8_10.aarch64"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-2.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-2.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libyang-cpp-debuginfo-0:1.0.184-2.el8_10.i686"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-2.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-2.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libyang-cpp-debuginfo-0:1.0.184-2.el8_10.ppc64le"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-2.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-2.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libyang-cpp-debuginfo-0:1.0.184-2.el8_10.s390x"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-2.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-cpp-debuginfo-0:1.0.184-2.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libyang-cpp-debuginfo-0:1.0.184-2.el8_10.x86_64"
},
"product_reference": "libyang-cpp-debuginfo-0:1.0.184-2.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-2.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libyang-debuginfo-0:1.0.184-2.el8_10.aarch64"
},
"product_reference": "libyang-debuginfo-0:1.0.184-2.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-2.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libyang-debuginfo-0:1.0.184-2.el8_10.i686"
},
"product_reference": "libyang-debuginfo-0:1.0.184-2.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-2.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libyang-debuginfo-0:1.0.184-2.el8_10.ppc64le"
},
"product_reference": "libyang-debuginfo-0:1.0.184-2.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-2.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libyang-debuginfo-0:1.0.184-2.el8_10.s390x"
},
"product_reference": "libyang-debuginfo-0:1.0.184-2.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:1.0.184-2.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libyang-debuginfo-0:1.0.184-2.el8_10.x86_64"
},
"product_reference": "libyang-debuginfo-0:1.0.184-2.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-2.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libyang-debugsource-0:1.0.184-2.el8_10.aarch64"
},
"product_reference": "libyang-debugsource-0:1.0.184-2.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-2.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libyang-debugsource-0:1.0.184-2.el8_10.i686"
},
"product_reference": "libyang-debugsource-0:1.0.184-2.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-2.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libyang-debugsource-0:1.0.184-2.el8_10.ppc64le"
},
"product_reference": "libyang-debugsource-0:1.0.184-2.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-2.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libyang-debugsource-0:1.0.184-2.el8_10.s390x"
},
"product_reference": "libyang-debugsource-0:1.0.184-2.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:1.0.184-2.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libyang-debugsource-0:1.0.184-2.el8_10.x86_64"
},
"product_reference": "libyang-debugsource-0:1.0.184-2.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-2.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-libyang-debuginfo-0:1.0.184-2.el8_10.aarch64"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-2.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-2.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-libyang-debuginfo-0:1.0.184-2.el8_10.i686"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-2.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-2.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-libyang-debuginfo-0:1.0.184-2.el8_10.ppc64le"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-2.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-2.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-libyang-debuginfo-0:1.0.184-2.el8_10.s390x"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-2.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-libyang-debuginfo-0:1.0.184-2.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:python3-libyang-debuginfo-0:1.0.184-2.el8_10.x86_64"
},
"product_reference": "python3-libyang-debuginfo-0:1.0.184-2.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44673",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-05-14T21:01:08.333408+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477617"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libyang, a YANG data modeling language library. An integer overflow in the `lyb_read_string()` function can lead to a heap buffer overflow when parsing a maliciously crafted LYB binary blob. A remote attacker, by supplying this malicious LYB data to any libyang consumer (such as a NETCONF server), could trigger a crash, resulting in a denial of service (DoS), or potentially achieve arbitrary code execution through heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in libyang, which could allow a remote attacker to cause a denial of service or potentially execute arbitrary code. The vulnerability arises from an integer overflow when processing a specially crafted LYB binary blob, impacting Red Hat products that consume libyang data, such as NETCONF servers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-cpp-debuginfo-0:1.0.184-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-cpp-debuginfo-0:1.0.184-2.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-cpp-debuginfo-0:1.0.184-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-cpp-debuginfo-0:1.0.184-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-cpp-debuginfo-0:1.0.184-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debuginfo-0:1.0.184-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debuginfo-0:1.0.184-2.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debuginfo-0:1.0.184-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debuginfo-0:1.0.184-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debuginfo-0:1.0.184-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debugsource-0:1.0.184-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debugsource-0:1.0.184-2.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debugsource-0:1.0.184-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debugsource-0:1.0.184-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debugsource-0:1.0.184-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libyang-debuginfo-0:1.0.184-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libyang-debuginfo-0:1.0.184-2.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libyang-debuginfo-0:1.0.184-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libyang-debuginfo-0:1.0.184-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libyang-debuginfo-0:1.0.184-2.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44673"
},
{
"category": "external",
"summary": "RHBZ#2477617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477617"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44673",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44673"
},
{
"category": "external",
"summary": "https://github.com/CESNET/libyang/security/advisories/GHSA-vw2p-pq79-92xh",
"url": "https://github.com/CESNET/libyang/security/advisories/GHSA-vw2p-pq79-92xh"
}
],
"release_date": "2026-05-14T20:35:13.963000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-08T18:39:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-cpp-debuginfo-0:1.0.184-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-cpp-debuginfo-0:1.0.184-2.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-cpp-debuginfo-0:1.0.184-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-cpp-debuginfo-0:1.0.184-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-cpp-debuginfo-0:1.0.184-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debuginfo-0:1.0.184-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debuginfo-0:1.0.184-2.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debuginfo-0:1.0.184-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debuginfo-0:1.0.184-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debuginfo-0:1.0.184-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debugsource-0:1.0.184-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debugsource-0:1.0.184-2.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debugsource-0:1.0.184-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debugsource-0:1.0.184-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debugsource-0:1.0.184-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libyang-debuginfo-0:1.0.184-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libyang-debuginfo-0:1.0.184-2.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libyang-debuginfo-0:1.0.184-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libyang-debuginfo-0:1.0.184-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libyang-debuginfo-0:1.0.184-2.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24545"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-cpp-debuginfo-0:1.0.184-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-cpp-debuginfo-0:1.0.184-2.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-cpp-debuginfo-0:1.0.184-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-cpp-debuginfo-0:1.0.184-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-cpp-debuginfo-0:1.0.184-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debuginfo-0:1.0.184-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debuginfo-0:1.0.184-2.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debuginfo-0:1.0.184-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debuginfo-0:1.0.184-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debuginfo-0:1.0.184-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debugsource-0:1.0.184-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debugsource-0:1.0.184-2.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debugsource-0:1.0.184-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debugsource-0:1.0.184-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debugsource-0:1.0.184-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libyang-debuginfo-0:1.0.184-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libyang-debuginfo-0:1.0.184-2.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libyang-debuginfo-0:1.0.184-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libyang-debuginfo-0:1.0.184-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libyang-debuginfo-0:1.0.184-2.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-0:1.0.184-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-cpp-debuginfo-0:1.0.184-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-cpp-debuginfo-0:1.0.184-2.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-cpp-debuginfo-0:1.0.184-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-cpp-debuginfo-0:1.0.184-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-cpp-debuginfo-0:1.0.184-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debuginfo-0:1.0.184-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debuginfo-0:1.0.184-2.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debuginfo-0:1.0.184-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debuginfo-0:1.0.184-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debuginfo-0:1.0.184-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debugsource-0:1.0.184-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debugsource-0:1.0.184-2.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debugsource-0:1.0.184-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debugsource-0:1.0.184-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libyang-debugsource-0:1.0.184-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libyang-debuginfo-0:1.0.184-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libyang-debuginfo-0:1.0.184-2.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libyang-debuginfo-0:1.0.184-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libyang-debuginfo-0:1.0.184-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:python3-libyang-debuginfo-0:1.0.184-2.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob"
}
]
}
RHSA-2026:24758
Vulnerability from csaf_redhat - Published: 2026-06-09 10:13 - Updated: 2026-06-10 15:51Summary
Red Hat Security Advisory: libyang security update
Severity
Important
Notes
Topic: An update for libyang is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Libyang is YANG data modeling language parser and toolkit written (and providing API) in C.
Security Fix(es):
* libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob (CVE-2026-44673)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in libyang, a YANG data modeling language library. An integer overflow in the `lyb_read_string()` function can lead to a heap buffer overflow when parsing a maliciously crafted LYB binary blob. A remote attacker, by supplying this malicious LYB data to any libyang consumer (such as a NETCONF server), could trigger a crash, resulting in a denial of service (DoS), or potentially achieve arbitrary code execution through heap corruption.
7.5 (High)
Affected products
Fixed
50 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:libyang-0:2.1.148-4.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:libyang-0:2.1.148-4.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:libyang-0:2.1.148-4.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:libyang-0:2.1.148-4.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:libyang-0:2.1.148-4.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-10.2.Z:libyang-0:2.1.148-4.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-10.2.Z:libyang-0:2.1.148-4.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-10.2.Z:libyang-0:2.1.148-4.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-10.2.Z:libyang-0:2.1.148-4.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-10.2.Z:libyang-0:2.1.148-4.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libyang is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Libyang is YANG data modeling language parser and toolkit written (and providing API) in C.\n\nSecurity Fix(es):\n\n* libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob (CVE-2026-44673)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:24758",
"url": "https://access.redhat.com/errata/RHSA-2026:24758"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2477617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477617"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_24758.json"
}
],
"title": "Red Hat Security Advisory: libyang security update",
"tracking": {
"current_release_date": "2026-06-10T15:51:20+00:00",
"generator": {
"date": "2026-06-10T15:51:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2026:24758",
"initial_release_date": "2026-06-09T10:13:22+00:00",
"revision_history": [
{
"date": "2026-06-09T10:13:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-09T10:13:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-10T15:51:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.2"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.2"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:2.1.148-4.el10_2.src",
"product": {
"name": "libyang-0:2.1.148-4.el10_2.src",
"product_id": "libyang-0:2.1.148-4.el10_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@2.1.148-4.el10_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:2.1.148-4.el10_2.aarch64",
"product": {
"name": "libyang-0:2.1.148-4.el10_2.aarch64",
"product_id": "libyang-0:2.1.148-4.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@2.1.148-4.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:2.1.148-4.el10_2.aarch64",
"product": {
"name": "libyang-debugsource-0:2.1.148-4.el10_2.aarch64",
"product_id": "libyang-debugsource-0:2.1.148-4.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@2.1.148-4.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:2.1.148-4.el10_2.aarch64",
"product": {
"name": "libyang-debuginfo-0:2.1.148-4.el10_2.aarch64",
"product_id": "libyang-debuginfo-0:2.1.148-4.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@2.1.148-4.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-tools-debuginfo-0:2.1.148-4.el10_2.aarch64",
"product": {
"name": "libyang-tools-debuginfo-0:2.1.148-4.el10_2.aarch64",
"product_id": "libyang-tools-debuginfo-0:2.1.148-4.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-tools-debuginfo@2.1.148-4.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-devel-0:2.1.148-4.el10_2.aarch64",
"product": {
"name": "libyang-devel-0:2.1.148-4.el10_2.aarch64",
"product_id": "libyang-devel-0:2.1.148-4.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-devel@2.1.148-4.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-devel-doc-0:2.1.148-4.el10_2.aarch64",
"product": {
"name": "libyang-devel-doc-0:2.1.148-4.el10_2.aarch64",
"product_id": "libyang-devel-doc-0:2.1.148-4.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-devel-doc@2.1.148-4.el10_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:2.1.148-4.el10_2.ppc64le",
"product": {
"name": "libyang-0:2.1.148-4.el10_2.ppc64le",
"product_id": "libyang-0:2.1.148-4.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@2.1.148-4.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:2.1.148-4.el10_2.ppc64le",
"product": {
"name": "libyang-debugsource-0:2.1.148-4.el10_2.ppc64le",
"product_id": "libyang-debugsource-0:2.1.148-4.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@2.1.148-4.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:2.1.148-4.el10_2.ppc64le",
"product": {
"name": "libyang-debuginfo-0:2.1.148-4.el10_2.ppc64le",
"product_id": "libyang-debuginfo-0:2.1.148-4.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@2.1.148-4.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-tools-debuginfo-0:2.1.148-4.el10_2.ppc64le",
"product": {
"name": "libyang-tools-debuginfo-0:2.1.148-4.el10_2.ppc64le",
"product_id": "libyang-tools-debuginfo-0:2.1.148-4.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-tools-debuginfo@2.1.148-4.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-devel-0:2.1.148-4.el10_2.ppc64le",
"product": {
"name": "libyang-devel-0:2.1.148-4.el10_2.ppc64le",
"product_id": "libyang-devel-0:2.1.148-4.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-devel@2.1.148-4.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-devel-doc-0:2.1.148-4.el10_2.ppc64le",
"product": {
"name": "libyang-devel-doc-0:2.1.148-4.el10_2.ppc64le",
"product_id": "libyang-devel-doc-0:2.1.148-4.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-devel-doc@2.1.148-4.el10_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:2.1.148-4.el10_2.s390x",
"product": {
"name": "libyang-0:2.1.148-4.el10_2.s390x",
"product_id": "libyang-0:2.1.148-4.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@2.1.148-4.el10_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:2.1.148-4.el10_2.s390x",
"product": {
"name": "libyang-debugsource-0:2.1.148-4.el10_2.s390x",
"product_id": "libyang-debugsource-0:2.1.148-4.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@2.1.148-4.el10_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:2.1.148-4.el10_2.s390x",
"product": {
"name": "libyang-debuginfo-0:2.1.148-4.el10_2.s390x",
"product_id": "libyang-debuginfo-0:2.1.148-4.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@2.1.148-4.el10_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-tools-debuginfo-0:2.1.148-4.el10_2.s390x",
"product": {
"name": "libyang-tools-debuginfo-0:2.1.148-4.el10_2.s390x",
"product_id": "libyang-tools-debuginfo-0:2.1.148-4.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-tools-debuginfo@2.1.148-4.el10_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-devel-0:2.1.148-4.el10_2.s390x",
"product": {
"name": "libyang-devel-0:2.1.148-4.el10_2.s390x",
"product_id": "libyang-devel-0:2.1.148-4.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-devel@2.1.148-4.el10_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-devel-doc-0:2.1.148-4.el10_2.s390x",
"product": {
"name": "libyang-devel-doc-0:2.1.148-4.el10_2.s390x",
"product_id": "libyang-devel-doc-0:2.1.148-4.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-devel-doc@2.1.148-4.el10_2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:2.1.148-4.el10_2.x86_64",
"product": {
"name": "libyang-0:2.1.148-4.el10_2.x86_64",
"product_id": "libyang-0:2.1.148-4.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@2.1.148-4.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:2.1.148-4.el10_2.x86_64",
"product": {
"name": "libyang-debugsource-0:2.1.148-4.el10_2.x86_64",
"product_id": "libyang-debugsource-0:2.1.148-4.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@2.1.148-4.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:2.1.148-4.el10_2.x86_64",
"product": {
"name": "libyang-debuginfo-0:2.1.148-4.el10_2.x86_64",
"product_id": "libyang-debuginfo-0:2.1.148-4.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@2.1.148-4.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-tools-debuginfo-0:2.1.148-4.el10_2.x86_64",
"product": {
"name": "libyang-tools-debuginfo-0:2.1.148-4.el10_2.x86_64",
"product_id": "libyang-tools-debuginfo-0:2.1.148-4.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-tools-debuginfo@2.1.148-4.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-devel-0:2.1.148-4.el10_2.x86_64",
"product": {
"name": "libyang-devel-0:2.1.148-4.el10_2.x86_64",
"product_id": "libyang-devel-0:2.1.148-4.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-devel@2.1.148-4.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-devel-doc-0:2.1.148-4.el10_2.x86_64",
"product": {
"name": "libyang-devel-doc-0:2.1.148-4.el10_2.x86_64",
"product_id": "libyang-devel-doc-0:2.1.148-4.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-devel-doc@2.1.148-4.el10_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:2.1.148-4.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:libyang-0:2.1.148-4.el10_2.aarch64"
},
"product_reference": "libyang-0:2.1.148-4.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:2.1.148-4.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:libyang-0:2.1.148-4.el10_2.ppc64le"
},
"product_reference": "libyang-0:2.1.148-4.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:2.1.148-4.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:libyang-0:2.1.148-4.el10_2.s390x"
},
"product_reference": "libyang-0:2.1.148-4.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:2.1.148-4.el10_2.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:libyang-0:2.1.148-4.el10_2.src"
},
"product_reference": "libyang-0:2.1.148-4.el10_2.src",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:2.1.148-4.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:libyang-0:2.1.148-4.el10_2.x86_64"
},
"product_reference": "libyang-0:2.1.148-4.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:2.1.148-4.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.aarch64"
},
"product_reference": "libyang-debuginfo-0:2.1.148-4.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:2.1.148-4.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.ppc64le"
},
"product_reference": "libyang-debuginfo-0:2.1.148-4.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:2.1.148-4.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.s390x"
},
"product_reference": "libyang-debuginfo-0:2.1.148-4.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:2.1.148-4.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.x86_64"
},
"product_reference": "libyang-debuginfo-0:2.1.148-4.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:2.1.148-4.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.aarch64"
},
"product_reference": "libyang-debugsource-0:2.1.148-4.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:2.1.148-4.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.ppc64le"
},
"product_reference": "libyang-debugsource-0:2.1.148-4.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:2.1.148-4.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.s390x"
},
"product_reference": "libyang-debugsource-0:2.1.148-4.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:2.1.148-4.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.x86_64"
},
"product_reference": "libyang-debugsource-0:2.1.148-4.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-devel-0:2.1.148-4.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.aarch64"
},
"product_reference": "libyang-devel-0:2.1.148-4.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-devel-0:2.1.148-4.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.ppc64le"
},
"product_reference": "libyang-devel-0:2.1.148-4.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-devel-0:2.1.148-4.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.s390x"
},
"product_reference": "libyang-devel-0:2.1.148-4.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-devel-0:2.1.148-4.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.x86_64"
},
"product_reference": "libyang-devel-0:2.1.148-4.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-devel-doc-0:2.1.148-4.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.aarch64"
},
"product_reference": "libyang-devel-doc-0:2.1.148-4.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-devel-doc-0:2.1.148-4.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.ppc64le"
},
"product_reference": "libyang-devel-doc-0:2.1.148-4.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-devel-doc-0:2.1.148-4.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.s390x"
},
"product_reference": "libyang-devel-doc-0:2.1.148-4.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-devel-doc-0:2.1.148-4.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.x86_64"
},
"product_reference": "libyang-devel-doc-0:2.1.148-4.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-tools-debuginfo-0:2.1.148-4.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.aarch64"
},
"product_reference": "libyang-tools-debuginfo-0:2.1.148-4.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-tools-debuginfo-0:2.1.148-4.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.ppc64le"
},
"product_reference": "libyang-tools-debuginfo-0:2.1.148-4.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-tools-debuginfo-0:2.1.148-4.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.s390x"
},
"product_reference": "libyang-tools-debuginfo-0:2.1.148-4.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-tools-debuginfo-0:2.1.148-4.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.x86_64"
},
"product_reference": "libyang-tools-debuginfo-0:2.1.148-4.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:2.1.148-4.el10_2.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:libyang-0:2.1.148-4.el10_2.aarch64"
},
"product_reference": "libyang-0:2.1.148-4.el10_2.aarch64",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:2.1.148-4.el10_2.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:libyang-0:2.1.148-4.el10_2.ppc64le"
},
"product_reference": "libyang-0:2.1.148-4.el10_2.ppc64le",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:2.1.148-4.el10_2.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:libyang-0:2.1.148-4.el10_2.s390x"
},
"product_reference": "libyang-0:2.1.148-4.el10_2.s390x",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:2.1.148-4.el10_2.src as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:libyang-0:2.1.148-4.el10_2.src"
},
"product_reference": "libyang-0:2.1.148-4.el10_2.src",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:2.1.148-4.el10_2.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:libyang-0:2.1.148-4.el10_2.x86_64"
},
"product_reference": "libyang-0:2.1.148-4.el10_2.x86_64",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:2.1.148-4.el10_2.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.aarch64"
},
"product_reference": "libyang-debuginfo-0:2.1.148-4.el10_2.aarch64",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:2.1.148-4.el10_2.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.ppc64le"
},
"product_reference": "libyang-debuginfo-0:2.1.148-4.el10_2.ppc64le",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:2.1.148-4.el10_2.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.s390x"
},
"product_reference": "libyang-debuginfo-0:2.1.148-4.el10_2.s390x",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:2.1.148-4.el10_2.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.x86_64"
},
"product_reference": "libyang-debuginfo-0:2.1.148-4.el10_2.x86_64",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:2.1.148-4.el10_2.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.aarch64"
},
"product_reference": "libyang-debugsource-0:2.1.148-4.el10_2.aarch64",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:2.1.148-4.el10_2.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.ppc64le"
},
"product_reference": "libyang-debugsource-0:2.1.148-4.el10_2.ppc64le",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:2.1.148-4.el10_2.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.s390x"
},
"product_reference": "libyang-debugsource-0:2.1.148-4.el10_2.s390x",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:2.1.148-4.el10_2.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.x86_64"
},
"product_reference": "libyang-debugsource-0:2.1.148-4.el10_2.x86_64",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-devel-0:2.1.148-4.el10_2.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.aarch64"
},
"product_reference": "libyang-devel-0:2.1.148-4.el10_2.aarch64",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-devel-0:2.1.148-4.el10_2.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.ppc64le"
},
"product_reference": "libyang-devel-0:2.1.148-4.el10_2.ppc64le",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-devel-0:2.1.148-4.el10_2.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.s390x"
},
"product_reference": "libyang-devel-0:2.1.148-4.el10_2.s390x",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-devel-0:2.1.148-4.el10_2.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.x86_64"
},
"product_reference": "libyang-devel-0:2.1.148-4.el10_2.x86_64",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-devel-doc-0:2.1.148-4.el10_2.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.aarch64"
},
"product_reference": "libyang-devel-doc-0:2.1.148-4.el10_2.aarch64",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-devel-doc-0:2.1.148-4.el10_2.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.ppc64le"
},
"product_reference": "libyang-devel-doc-0:2.1.148-4.el10_2.ppc64le",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-devel-doc-0:2.1.148-4.el10_2.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.s390x"
},
"product_reference": "libyang-devel-doc-0:2.1.148-4.el10_2.s390x",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-devel-doc-0:2.1.148-4.el10_2.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.x86_64"
},
"product_reference": "libyang-devel-doc-0:2.1.148-4.el10_2.x86_64",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-tools-debuginfo-0:2.1.148-4.el10_2.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.aarch64"
},
"product_reference": "libyang-tools-debuginfo-0:2.1.148-4.el10_2.aarch64",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-tools-debuginfo-0:2.1.148-4.el10_2.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.ppc64le"
},
"product_reference": "libyang-tools-debuginfo-0:2.1.148-4.el10_2.ppc64le",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-tools-debuginfo-0:2.1.148-4.el10_2.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.s390x"
},
"product_reference": "libyang-tools-debuginfo-0:2.1.148-4.el10_2.s390x",
"relates_to_product_reference": "CRB-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-tools-debuginfo-0:2.1.148-4.el10_2.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.x86_64"
},
"product_reference": "libyang-tools-debuginfo-0:2.1.148-4.el10_2.x86_64",
"relates_to_product_reference": "CRB-10.2.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44673",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-05-14T21:01:08.333408+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477617"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libyang, a YANG data modeling language library. An integer overflow in the `lyb_read_string()` function can lead to a heap buffer overflow when parsing a maliciously crafted LYB binary blob. A remote attacker, by supplying this malicious LYB data to any libyang consumer (such as a NETCONF server), could trigger a crash, resulting in a denial of service (DoS), or potentially achieve arbitrary code execution through heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in libyang, which could allow a remote attacker to cause a denial of service or potentially execute arbitrary code. The vulnerability arises from an integer overflow when processing a specially crafted LYB binary blob, impacting Red Hat products that consume libyang data, such as NETCONF servers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:libyang-0:2.1.148-4.el10_2.aarch64",
"AppStream-10.2.Z:libyang-0:2.1.148-4.el10_2.ppc64le",
"AppStream-10.2.Z:libyang-0:2.1.148-4.el10_2.s390x",
"AppStream-10.2.Z:libyang-0:2.1.148-4.el10_2.src",
"AppStream-10.2.Z:libyang-0:2.1.148-4.el10_2.x86_64",
"AppStream-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.aarch64",
"AppStream-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.ppc64le",
"AppStream-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.s390x",
"AppStream-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.x86_64",
"AppStream-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.aarch64",
"AppStream-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.ppc64le",
"AppStream-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.s390x",
"AppStream-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.x86_64",
"AppStream-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.aarch64",
"AppStream-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.ppc64le",
"AppStream-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.s390x",
"AppStream-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.x86_64",
"AppStream-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.aarch64",
"AppStream-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.ppc64le",
"AppStream-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.s390x",
"AppStream-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.x86_64",
"AppStream-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.aarch64",
"AppStream-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.ppc64le",
"AppStream-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.s390x",
"AppStream-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.x86_64",
"CRB-10.2.Z:libyang-0:2.1.148-4.el10_2.aarch64",
"CRB-10.2.Z:libyang-0:2.1.148-4.el10_2.ppc64le",
"CRB-10.2.Z:libyang-0:2.1.148-4.el10_2.s390x",
"CRB-10.2.Z:libyang-0:2.1.148-4.el10_2.src",
"CRB-10.2.Z:libyang-0:2.1.148-4.el10_2.x86_64",
"CRB-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.aarch64",
"CRB-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.ppc64le",
"CRB-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.s390x",
"CRB-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.x86_64",
"CRB-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.aarch64",
"CRB-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.ppc64le",
"CRB-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.s390x",
"CRB-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.x86_64",
"CRB-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.aarch64",
"CRB-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.ppc64le",
"CRB-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.s390x",
"CRB-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.x86_64",
"CRB-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.aarch64",
"CRB-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.ppc64le",
"CRB-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.s390x",
"CRB-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.x86_64",
"CRB-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.aarch64",
"CRB-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.ppc64le",
"CRB-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.s390x",
"CRB-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44673"
},
{
"category": "external",
"summary": "RHBZ#2477617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477617"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44673",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44673"
},
{
"category": "external",
"summary": "https://github.com/CESNET/libyang/security/advisories/GHSA-vw2p-pq79-92xh",
"url": "https://github.com/CESNET/libyang/security/advisories/GHSA-vw2p-pq79-92xh"
}
],
"release_date": "2026-05-14T20:35:13.963000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-09T10:13:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:libyang-0:2.1.148-4.el10_2.aarch64",
"AppStream-10.2.Z:libyang-0:2.1.148-4.el10_2.ppc64le",
"AppStream-10.2.Z:libyang-0:2.1.148-4.el10_2.s390x",
"AppStream-10.2.Z:libyang-0:2.1.148-4.el10_2.src",
"AppStream-10.2.Z:libyang-0:2.1.148-4.el10_2.x86_64",
"AppStream-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.aarch64",
"AppStream-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.ppc64le",
"AppStream-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.s390x",
"AppStream-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.x86_64",
"AppStream-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.aarch64",
"AppStream-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.ppc64le",
"AppStream-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.s390x",
"AppStream-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.x86_64",
"AppStream-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.aarch64",
"AppStream-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.ppc64le",
"AppStream-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.s390x",
"AppStream-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.x86_64",
"AppStream-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.aarch64",
"AppStream-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.ppc64le",
"AppStream-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.s390x",
"AppStream-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.x86_64",
"AppStream-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.aarch64",
"AppStream-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.ppc64le",
"AppStream-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.s390x",
"AppStream-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.x86_64",
"CRB-10.2.Z:libyang-0:2.1.148-4.el10_2.aarch64",
"CRB-10.2.Z:libyang-0:2.1.148-4.el10_2.ppc64le",
"CRB-10.2.Z:libyang-0:2.1.148-4.el10_2.s390x",
"CRB-10.2.Z:libyang-0:2.1.148-4.el10_2.src",
"CRB-10.2.Z:libyang-0:2.1.148-4.el10_2.x86_64",
"CRB-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.aarch64",
"CRB-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.ppc64le",
"CRB-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.s390x",
"CRB-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.x86_64",
"CRB-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.aarch64",
"CRB-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.ppc64le",
"CRB-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.s390x",
"CRB-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.x86_64",
"CRB-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.aarch64",
"CRB-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.ppc64le",
"CRB-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.s390x",
"CRB-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.x86_64",
"CRB-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.aarch64",
"CRB-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.ppc64le",
"CRB-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.s390x",
"CRB-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.x86_64",
"CRB-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.aarch64",
"CRB-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.ppc64le",
"CRB-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.s390x",
"CRB-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24758"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-10.2.Z:libyang-0:2.1.148-4.el10_2.aarch64",
"AppStream-10.2.Z:libyang-0:2.1.148-4.el10_2.ppc64le",
"AppStream-10.2.Z:libyang-0:2.1.148-4.el10_2.s390x",
"AppStream-10.2.Z:libyang-0:2.1.148-4.el10_2.src",
"AppStream-10.2.Z:libyang-0:2.1.148-4.el10_2.x86_64",
"AppStream-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.aarch64",
"AppStream-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.ppc64le",
"AppStream-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.s390x",
"AppStream-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.x86_64",
"AppStream-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.aarch64",
"AppStream-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.ppc64le",
"AppStream-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.s390x",
"AppStream-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.x86_64",
"AppStream-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.aarch64",
"AppStream-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.ppc64le",
"AppStream-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.s390x",
"AppStream-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.x86_64",
"AppStream-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.aarch64",
"AppStream-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.ppc64le",
"AppStream-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.s390x",
"AppStream-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.x86_64",
"AppStream-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.aarch64",
"AppStream-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.ppc64le",
"AppStream-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.s390x",
"AppStream-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.x86_64",
"CRB-10.2.Z:libyang-0:2.1.148-4.el10_2.aarch64",
"CRB-10.2.Z:libyang-0:2.1.148-4.el10_2.ppc64le",
"CRB-10.2.Z:libyang-0:2.1.148-4.el10_2.s390x",
"CRB-10.2.Z:libyang-0:2.1.148-4.el10_2.src",
"CRB-10.2.Z:libyang-0:2.1.148-4.el10_2.x86_64",
"CRB-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.aarch64",
"CRB-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.ppc64le",
"CRB-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.s390x",
"CRB-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.x86_64",
"CRB-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.aarch64",
"CRB-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.ppc64le",
"CRB-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.s390x",
"CRB-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.x86_64",
"CRB-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.aarch64",
"CRB-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.ppc64le",
"CRB-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.s390x",
"CRB-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.x86_64",
"CRB-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.aarch64",
"CRB-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.ppc64le",
"CRB-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.s390x",
"CRB-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.x86_64",
"CRB-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.aarch64",
"CRB-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.ppc64le",
"CRB-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.s390x",
"CRB-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:libyang-0:2.1.148-4.el10_2.aarch64",
"AppStream-10.2.Z:libyang-0:2.1.148-4.el10_2.ppc64le",
"AppStream-10.2.Z:libyang-0:2.1.148-4.el10_2.s390x",
"AppStream-10.2.Z:libyang-0:2.1.148-4.el10_2.src",
"AppStream-10.2.Z:libyang-0:2.1.148-4.el10_2.x86_64",
"AppStream-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.aarch64",
"AppStream-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.ppc64le",
"AppStream-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.s390x",
"AppStream-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.x86_64",
"AppStream-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.aarch64",
"AppStream-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.ppc64le",
"AppStream-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.s390x",
"AppStream-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.x86_64",
"AppStream-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.aarch64",
"AppStream-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.ppc64le",
"AppStream-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.s390x",
"AppStream-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.x86_64",
"AppStream-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.aarch64",
"AppStream-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.ppc64le",
"AppStream-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.s390x",
"AppStream-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.x86_64",
"AppStream-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.aarch64",
"AppStream-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.ppc64le",
"AppStream-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.s390x",
"AppStream-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.x86_64",
"CRB-10.2.Z:libyang-0:2.1.148-4.el10_2.aarch64",
"CRB-10.2.Z:libyang-0:2.1.148-4.el10_2.ppc64le",
"CRB-10.2.Z:libyang-0:2.1.148-4.el10_2.s390x",
"CRB-10.2.Z:libyang-0:2.1.148-4.el10_2.src",
"CRB-10.2.Z:libyang-0:2.1.148-4.el10_2.x86_64",
"CRB-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.aarch64",
"CRB-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.ppc64le",
"CRB-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.s390x",
"CRB-10.2.Z:libyang-debuginfo-0:2.1.148-4.el10_2.x86_64",
"CRB-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.aarch64",
"CRB-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.ppc64le",
"CRB-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.s390x",
"CRB-10.2.Z:libyang-debugsource-0:2.1.148-4.el10_2.x86_64",
"CRB-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.aarch64",
"CRB-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.ppc64le",
"CRB-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.s390x",
"CRB-10.2.Z:libyang-devel-0:2.1.148-4.el10_2.x86_64",
"CRB-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.aarch64",
"CRB-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.ppc64le",
"CRB-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.s390x",
"CRB-10.2.Z:libyang-devel-doc-0:2.1.148-4.el10_2.x86_64",
"CRB-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.aarch64",
"CRB-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.ppc64le",
"CRB-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.s390x",
"CRB-10.2.Z:libyang-tools-debuginfo-0:2.1.148-4.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob"
}
]
}
RHSA-2026:25051
Vulnerability from csaf_redhat - Published: 2026-06-10 11:37 - Updated: 2026-06-10 15:51Summary
Red Hat Security Advisory: libyang security update
Severity
Important
Notes
Topic: An update for libyang is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Libyang is YANG data modeling language parser and toolkit written (and providing API) in C.
Security Fix(es):
* libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob (CVE-2026-44673)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in libyang, a YANG data modeling language library. An integer overflow in the `lyb_read_string()` function can lead to a heap buffer overflow when parsing a maliciously crafted LYB binary blob. A remote attacker, by supplying this malicious LYB data to any libyang consumer (such as a NETCONF server), could trigger a crash, resulting in a denial of service (DoS), or potentially achieve arbitrary code execution through heap corruption.
7.5 (High)
Affected products
Fixed
50 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libyang is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Libyang is YANG data modeling language parser and toolkit written (and providing API) in C.\n\nSecurity Fix(es):\n\n* libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob (CVE-2026-44673)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:25051",
"url": "https://access.redhat.com/errata/RHSA-2026:25051"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2477617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477617"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_25051.json"
}
],
"title": "Red Hat Security Advisory: libyang security update",
"tracking": {
"current_release_date": "2026-06-10T15:51:22+00:00",
"generator": {
"date": "2026-06-10T15:51:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2026:25051",
"initial_release_date": "2026-06-10T11:37:57+00:00",
"revision_history": [
{
"date": "2026-06-10T11:37:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-10T11:37:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-10T15:51:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.8.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-devel-0:2.1.148-1.el9_8.1.aarch64",
"product": {
"name": "libyang-devel-0:2.1.148-1.el9_8.1.aarch64",
"product_id": "libyang-devel-0:2.1.148-1.el9_8.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-devel@2.1.148-1.el9_8.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-devel-doc-0:2.1.148-1.el9_8.1.aarch64",
"product": {
"name": "libyang-devel-doc-0:2.1.148-1.el9_8.1.aarch64",
"product_id": "libyang-devel-doc-0:2.1.148-1.el9_8.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-devel-doc@2.1.148-1.el9_8.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:2.1.148-1.el9_8.1.aarch64",
"product": {
"name": "libyang-debugsource-0:2.1.148-1.el9_8.1.aarch64",
"product_id": "libyang-debugsource-0:2.1.148-1.el9_8.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@2.1.148-1.el9_8.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:2.1.148-1.el9_8.1.aarch64",
"product": {
"name": "libyang-debuginfo-0:2.1.148-1.el9_8.1.aarch64",
"product_id": "libyang-debuginfo-0:2.1.148-1.el9_8.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@2.1.148-1.el9_8.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libyang-0:2.1.148-1.el9_8.1.aarch64",
"product": {
"name": "libyang-0:2.1.148-1.el9_8.1.aarch64",
"product_id": "libyang-0:2.1.148-1.el9_8.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@2.1.148-1.el9_8.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-devel-0:2.1.148-1.el9_8.1.i686",
"product": {
"name": "libyang-devel-0:2.1.148-1.el9_8.1.i686",
"product_id": "libyang-devel-0:2.1.148-1.el9_8.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-devel@2.1.148-1.el9_8.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:2.1.148-1.el9_8.1.i686",
"product": {
"name": "libyang-debugsource-0:2.1.148-1.el9_8.1.i686",
"product_id": "libyang-debugsource-0:2.1.148-1.el9_8.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@2.1.148-1.el9_8.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:2.1.148-1.el9_8.1.i686",
"product": {
"name": "libyang-debuginfo-0:2.1.148-1.el9_8.1.i686",
"product_id": "libyang-debuginfo-0:2.1.148-1.el9_8.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@2.1.148-1.el9_8.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libyang-0:2.1.148-1.el9_8.1.i686",
"product": {
"name": "libyang-0:2.1.148-1.el9_8.1.i686",
"product_id": "libyang-0:2.1.148-1.el9_8.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@2.1.148-1.el9_8.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-devel-0:2.1.148-1.el9_8.1.x86_64",
"product": {
"name": "libyang-devel-0:2.1.148-1.el9_8.1.x86_64",
"product_id": "libyang-devel-0:2.1.148-1.el9_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-devel@2.1.148-1.el9_8.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-devel-doc-0:2.1.148-1.el9_8.1.x86_64",
"product": {
"name": "libyang-devel-doc-0:2.1.148-1.el9_8.1.x86_64",
"product_id": "libyang-devel-doc-0:2.1.148-1.el9_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-devel-doc@2.1.148-1.el9_8.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:2.1.148-1.el9_8.1.x86_64",
"product": {
"name": "libyang-debugsource-0:2.1.148-1.el9_8.1.x86_64",
"product_id": "libyang-debugsource-0:2.1.148-1.el9_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@2.1.148-1.el9_8.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:2.1.148-1.el9_8.1.x86_64",
"product": {
"name": "libyang-debuginfo-0:2.1.148-1.el9_8.1.x86_64",
"product_id": "libyang-debuginfo-0:2.1.148-1.el9_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@2.1.148-1.el9_8.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libyang-0:2.1.148-1.el9_8.1.x86_64",
"product": {
"name": "libyang-0:2.1.148-1.el9_8.1.x86_64",
"product_id": "libyang-0:2.1.148-1.el9_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@2.1.148-1.el9_8.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-devel-0:2.1.148-1.el9_8.1.ppc64le",
"product": {
"name": "libyang-devel-0:2.1.148-1.el9_8.1.ppc64le",
"product_id": "libyang-devel-0:2.1.148-1.el9_8.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-devel@2.1.148-1.el9_8.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-devel-doc-0:2.1.148-1.el9_8.1.ppc64le",
"product": {
"name": "libyang-devel-doc-0:2.1.148-1.el9_8.1.ppc64le",
"product_id": "libyang-devel-doc-0:2.1.148-1.el9_8.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-devel-doc@2.1.148-1.el9_8.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:2.1.148-1.el9_8.1.ppc64le",
"product": {
"name": "libyang-debugsource-0:2.1.148-1.el9_8.1.ppc64le",
"product_id": "libyang-debugsource-0:2.1.148-1.el9_8.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@2.1.148-1.el9_8.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:2.1.148-1.el9_8.1.ppc64le",
"product": {
"name": "libyang-debuginfo-0:2.1.148-1.el9_8.1.ppc64le",
"product_id": "libyang-debuginfo-0:2.1.148-1.el9_8.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@2.1.148-1.el9_8.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libyang-0:2.1.148-1.el9_8.1.ppc64le",
"product": {
"name": "libyang-0:2.1.148-1.el9_8.1.ppc64le",
"product_id": "libyang-0:2.1.148-1.el9_8.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@2.1.148-1.el9_8.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-devel-0:2.1.148-1.el9_8.1.s390x",
"product": {
"name": "libyang-devel-0:2.1.148-1.el9_8.1.s390x",
"product_id": "libyang-devel-0:2.1.148-1.el9_8.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-devel@2.1.148-1.el9_8.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-devel-doc-0:2.1.148-1.el9_8.1.s390x",
"product": {
"name": "libyang-devel-doc-0:2.1.148-1.el9_8.1.s390x",
"product_id": "libyang-devel-doc-0:2.1.148-1.el9_8.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-devel-doc@2.1.148-1.el9_8.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-debugsource-0:2.1.148-1.el9_8.1.s390x",
"product": {
"name": "libyang-debugsource-0:2.1.148-1.el9_8.1.s390x",
"product_id": "libyang-debugsource-0:2.1.148-1.el9_8.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debugsource@2.1.148-1.el9_8.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-debuginfo-0:2.1.148-1.el9_8.1.s390x",
"product": {
"name": "libyang-debuginfo-0:2.1.148-1.el9_8.1.s390x",
"product_id": "libyang-debuginfo-0:2.1.148-1.el9_8.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang-debuginfo@2.1.148-1.el9_8.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libyang-0:2.1.148-1.el9_8.1.s390x",
"product": {
"name": "libyang-0:2.1.148-1.el9_8.1.s390x",
"product_id": "libyang-0:2.1.148-1.el9_8.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@2.1.148-1.el9_8.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-0:2.1.148-1.el9_8.1.src",
"product": {
"name": "libyang-0:2.1.148-1.el9_8.1.src",
"product_id": "libyang-0:2.1.148-1.el9_8.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libyang@2.1.148-1.el9_8.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:2.1.148-1.el9_8.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.aarch64"
},
"product_reference": "libyang-0:2.1.148-1.el9_8.1.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:2.1.148-1.el9_8.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.i686"
},
"product_reference": "libyang-0:2.1.148-1.el9_8.1.i686",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:2.1.148-1.el9_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.ppc64le"
},
"product_reference": "libyang-0:2.1.148-1.el9_8.1.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:2.1.148-1.el9_8.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.s390x"
},
"product_reference": "libyang-0:2.1.148-1.el9_8.1.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:2.1.148-1.el9_8.1.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.src"
},
"product_reference": "libyang-0:2.1.148-1.el9_8.1.src",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:2.1.148-1.el9_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.x86_64"
},
"product_reference": "libyang-0:2.1.148-1.el9_8.1.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:2.1.148-1.el9_8.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.aarch64"
},
"product_reference": "libyang-debuginfo-0:2.1.148-1.el9_8.1.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:2.1.148-1.el9_8.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.i686"
},
"product_reference": "libyang-debuginfo-0:2.1.148-1.el9_8.1.i686",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:2.1.148-1.el9_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.ppc64le"
},
"product_reference": "libyang-debuginfo-0:2.1.148-1.el9_8.1.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:2.1.148-1.el9_8.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.s390x"
},
"product_reference": "libyang-debuginfo-0:2.1.148-1.el9_8.1.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:2.1.148-1.el9_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.x86_64"
},
"product_reference": "libyang-debuginfo-0:2.1.148-1.el9_8.1.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:2.1.148-1.el9_8.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.aarch64"
},
"product_reference": "libyang-debugsource-0:2.1.148-1.el9_8.1.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:2.1.148-1.el9_8.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.i686"
},
"product_reference": "libyang-debugsource-0:2.1.148-1.el9_8.1.i686",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:2.1.148-1.el9_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.ppc64le"
},
"product_reference": "libyang-debugsource-0:2.1.148-1.el9_8.1.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:2.1.148-1.el9_8.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.s390x"
},
"product_reference": "libyang-debugsource-0:2.1.148-1.el9_8.1.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:2.1.148-1.el9_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.x86_64"
},
"product_reference": "libyang-debugsource-0:2.1.148-1.el9_8.1.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-devel-0:2.1.148-1.el9_8.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.aarch64"
},
"product_reference": "libyang-devel-0:2.1.148-1.el9_8.1.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-devel-0:2.1.148-1.el9_8.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.i686"
},
"product_reference": "libyang-devel-0:2.1.148-1.el9_8.1.i686",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-devel-0:2.1.148-1.el9_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.ppc64le"
},
"product_reference": "libyang-devel-0:2.1.148-1.el9_8.1.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-devel-0:2.1.148-1.el9_8.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.s390x"
},
"product_reference": "libyang-devel-0:2.1.148-1.el9_8.1.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-devel-0:2.1.148-1.el9_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.x86_64"
},
"product_reference": "libyang-devel-0:2.1.148-1.el9_8.1.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-devel-doc-0:2.1.148-1.el9_8.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.aarch64"
},
"product_reference": "libyang-devel-doc-0:2.1.148-1.el9_8.1.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-devel-doc-0:2.1.148-1.el9_8.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.ppc64le"
},
"product_reference": "libyang-devel-doc-0:2.1.148-1.el9_8.1.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-devel-doc-0:2.1.148-1.el9_8.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.s390x"
},
"product_reference": "libyang-devel-doc-0:2.1.148-1.el9_8.1.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-devel-doc-0:2.1.148-1.el9_8.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.x86_64"
},
"product_reference": "libyang-devel-doc-0:2.1.148-1.el9_8.1.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:2.1.148-1.el9_8.1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.aarch64"
},
"product_reference": "libyang-0:2.1.148-1.el9_8.1.aarch64",
"relates_to_product_reference": "CRB-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:2.1.148-1.el9_8.1.i686 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.i686"
},
"product_reference": "libyang-0:2.1.148-1.el9_8.1.i686",
"relates_to_product_reference": "CRB-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:2.1.148-1.el9_8.1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.ppc64le"
},
"product_reference": "libyang-0:2.1.148-1.el9_8.1.ppc64le",
"relates_to_product_reference": "CRB-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:2.1.148-1.el9_8.1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.s390x"
},
"product_reference": "libyang-0:2.1.148-1.el9_8.1.s390x",
"relates_to_product_reference": "CRB-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:2.1.148-1.el9_8.1.src as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.src"
},
"product_reference": "libyang-0:2.1.148-1.el9_8.1.src",
"relates_to_product_reference": "CRB-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-0:2.1.148-1.el9_8.1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.x86_64"
},
"product_reference": "libyang-0:2.1.148-1.el9_8.1.x86_64",
"relates_to_product_reference": "CRB-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:2.1.148-1.el9_8.1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.aarch64"
},
"product_reference": "libyang-debuginfo-0:2.1.148-1.el9_8.1.aarch64",
"relates_to_product_reference": "CRB-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:2.1.148-1.el9_8.1.i686 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.i686"
},
"product_reference": "libyang-debuginfo-0:2.1.148-1.el9_8.1.i686",
"relates_to_product_reference": "CRB-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:2.1.148-1.el9_8.1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.ppc64le"
},
"product_reference": "libyang-debuginfo-0:2.1.148-1.el9_8.1.ppc64le",
"relates_to_product_reference": "CRB-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:2.1.148-1.el9_8.1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.s390x"
},
"product_reference": "libyang-debuginfo-0:2.1.148-1.el9_8.1.s390x",
"relates_to_product_reference": "CRB-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debuginfo-0:2.1.148-1.el9_8.1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.x86_64"
},
"product_reference": "libyang-debuginfo-0:2.1.148-1.el9_8.1.x86_64",
"relates_to_product_reference": "CRB-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:2.1.148-1.el9_8.1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.aarch64"
},
"product_reference": "libyang-debugsource-0:2.1.148-1.el9_8.1.aarch64",
"relates_to_product_reference": "CRB-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:2.1.148-1.el9_8.1.i686 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.i686"
},
"product_reference": "libyang-debugsource-0:2.1.148-1.el9_8.1.i686",
"relates_to_product_reference": "CRB-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:2.1.148-1.el9_8.1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.ppc64le"
},
"product_reference": "libyang-debugsource-0:2.1.148-1.el9_8.1.ppc64le",
"relates_to_product_reference": "CRB-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:2.1.148-1.el9_8.1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.s390x"
},
"product_reference": "libyang-debugsource-0:2.1.148-1.el9_8.1.s390x",
"relates_to_product_reference": "CRB-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-debugsource-0:2.1.148-1.el9_8.1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.x86_64"
},
"product_reference": "libyang-debugsource-0:2.1.148-1.el9_8.1.x86_64",
"relates_to_product_reference": "CRB-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-devel-0:2.1.148-1.el9_8.1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.aarch64"
},
"product_reference": "libyang-devel-0:2.1.148-1.el9_8.1.aarch64",
"relates_to_product_reference": "CRB-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-devel-0:2.1.148-1.el9_8.1.i686 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.i686"
},
"product_reference": "libyang-devel-0:2.1.148-1.el9_8.1.i686",
"relates_to_product_reference": "CRB-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-devel-0:2.1.148-1.el9_8.1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.ppc64le"
},
"product_reference": "libyang-devel-0:2.1.148-1.el9_8.1.ppc64le",
"relates_to_product_reference": "CRB-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-devel-0:2.1.148-1.el9_8.1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.s390x"
},
"product_reference": "libyang-devel-0:2.1.148-1.el9_8.1.s390x",
"relates_to_product_reference": "CRB-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-devel-0:2.1.148-1.el9_8.1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.x86_64"
},
"product_reference": "libyang-devel-0:2.1.148-1.el9_8.1.x86_64",
"relates_to_product_reference": "CRB-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-devel-doc-0:2.1.148-1.el9_8.1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.aarch64"
},
"product_reference": "libyang-devel-doc-0:2.1.148-1.el9_8.1.aarch64",
"relates_to_product_reference": "CRB-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-devel-doc-0:2.1.148-1.el9_8.1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.ppc64le"
},
"product_reference": "libyang-devel-doc-0:2.1.148-1.el9_8.1.ppc64le",
"relates_to_product_reference": "CRB-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-devel-doc-0:2.1.148-1.el9_8.1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.s390x"
},
"product_reference": "libyang-devel-doc-0:2.1.148-1.el9_8.1.s390x",
"relates_to_product_reference": "CRB-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang-devel-doc-0:2.1.148-1.el9_8.1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"product_id": "CRB-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.x86_64"
},
"product_reference": "libyang-devel-doc-0:2.1.148-1.el9_8.1.x86_64",
"relates_to_product_reference": "CRB-9.8.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44673",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-05-14T21:01:08.333408+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477617"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libyang, a YANG data modeling language library. An integer overflow in the `lyb_read_string()` function can lead to a heap buffer overflow when parsing a maliciously crafted LYB binary blob. A remote attacker, by supplying this malicious LYB data to any libyang consumer (such as a NETCONF server), could trigger a crash, resulting in a denial of service (DoS), or potentially achieve arbitrary code execution through heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in libyang, which could allow a remote attacker to cause a denial of service or potentially execute arbitrary code. The vulnerability arises from an integer overflow when processing a specially crafted LYB binary blob, impacting Red Hat products that consume libyang data, such as NETCONF servers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.i686",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.src",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.i686",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.i686",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.i686",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.x86_64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.aarch64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.i686",
"CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.ppc64le",
"CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.s390x",
"CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.src",
"CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.x86_64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.aarch64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.i686",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.ppc64le",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.s390x",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.x86_64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.aarch64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.i686",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.ppc64le",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.s390x",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.x86_64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.aarch64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.i686",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.ppc64le",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.s390x",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.x86_64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.aarch64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.ppc64le",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.s390x",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44673"
},
{
"category": "external",
"summary": "RHBZ#2477617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477617"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44673",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44673"
},
{
"category": "external",
"summary": "https://github.com/CESNET/libyang/security/advisories/GHSA-vw2p-pq79-92xh",
"url": "https://github.com/CESNET/libyang/security/advisories/GHSA-vw2p-pq79-92xh"
}
],
"release_date": "2026-05-14T20:35:13.963000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T11:37:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.i686",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.src",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.i686",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.i686",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.i686",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.x86_64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.aarch64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.i686",
"CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.ppc64le",
"CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.s390x",
"CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.src",
"CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.x86_64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.aarch64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.i686",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.ppc64le",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.s390x",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.x86_64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.aarch64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.i686",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.ppc64le",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.s390x",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.x86_64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.aarch64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.i686",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.ppc64le",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.s390x",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.x86_64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.aarch64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.ppc64le",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.s390x",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25051"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.i686",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.src",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.i686",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.i686",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.i686",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.x86_64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.aarch64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.i686",
"CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.ppc64le",
"CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.s390x",
"CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.src",
"CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.x86_64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.aarch64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.i686",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.ppc64le",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.s390x",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.x86_64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.aarch64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.i686",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.ppc64le",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.s390x",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.x86_64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.aarch64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.i686",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.ppc64le",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.s390x",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.x86_64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.aarch64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.ppc64le",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.s390x",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.i686",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.src",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.i686",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.i686",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.i686",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.x86_64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.aarch64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.i686",
"CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.ppc64le",
"CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.s390x",
"CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.src",
"CRB-9.8.0.Z.MAIN.EUS:libyang-0:2.1.148-1.el9_8.1.x86_64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.aarch64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.i686",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.ppc64le",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.s390x",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debuginfo-0:2.1.148-1.el9_8.1.x86_64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.aarch64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.i686",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.ppc64le",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.s390x",
"CRB-9.8.0.Z.MAIN.EUS:libyang-debugsource-0:2.1.148-1.el9_8.1.x86_64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.aarch64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.i686",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.ppc64le",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.s390x",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-0:2.1.148-1.el9_8.1.x86_64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.aarch64",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.ppc64le",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.s390x",
"CRB-9.8.0.Z.MAIN.EUS:libyang-devel-doc-0:2.1.148-1.el9_8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob"
}
]
}
SUSE-SU-2026:2334-1
Vulnerability from csaf_suse - Published: 2026-06-10 08:42 - Updated: 2026-06-10 08:42Summary
Security update for libyang
Severity
Important
Notes
Title of the patch: Security update for libyang
Description of the patch: This update for libyang fixes the following issues
- CVE-2026-41401: use-after-free in `lyd_parser_set_data_flags` when processing crafted YANG XML documents with specific
metadata attributes (bsc#1266316).
- CVE-2026-44673: integer overflow in `lyb_read_string()` of `src/parser_lyb.c` leads to heap buffer overflow when
parsing a maliciously crafted LYB binary blob (bsc#1265330).
Patchnames: SUSE-2026-2334,SUSE-SLE-SERVER-12-SP5-LTSS-2026-2334,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-2334
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.1 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libyang2-2.1.148-8.8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.6 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libyang2-2.1.148-8.8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libyang",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libyang fixes the following issues\n\n- CVE-2026-41401: use-after-free in `lyd_parser_set_data_flags` when processing crafted YANG XML documents with specific\n metadata attributes (bsc#1266316).\n- CVE-2026-44673: integer overflow in `lyb_read_string()` of `src/parser_lyb.c` leads to heap buffer overflow when\n parsing a maliciously crafted LYB binary blob (bsc#1265330).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-2334,SUSE-SLE-SERVER-12-SP5-LTSS-2026-2334,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-2334",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_2334-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:2334-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262334-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:2334-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026683.html"
},
{
"category": "self",
"summary": "SUSE Bug 1265330",
"url": "https://bugzilla.suse.com/1265330"
},
{
"category": "self",
"summary": "SUSE Bug 1266316",
"url": "https://bugzilla.suse.com/1266316"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41401 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41401/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-44673 page",
"url": "https://www.suse.com/security/cve/CVE-2026-44673/"
}
],
"title": "Security update for libyang",
"tracking": {
"current_release_date": "2026-06-10T08:42:41Z",
"generator": {
"date": "2026-06-10T08:42:41Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:2334-1",
"initial_release_date": "2026-06-10T08:42:41Z",
"revision_history": [
{
"date": "2026-06-10T08:42:41Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libyang-devel-2.1.148-8.8.1.aarch64",
"product": {
"name": "libyang-devel-2.1.148-8.8.1.aarch64",
"product_id": "libyang-devel-2.1.148-8.8.1.aarch64"
}
},
{
"category": "product_version",
"name": "libyang2-2.1.148-8.8.1.aarch64",
"product": {
"name": "libyang2-2.1.148-8.8.1.aarch64",
"product_id": "libyang2-2.1.148-8.8.1.aarch64"
}
},
{
"category": "product_version",
"name": "yang-tools-2.1.148-8.8.1.aarch64",
"product": {
"name": "yang-tools-2.1.148-8.8.1.aarch64",
"product_id": "yang-tools-2.1.148-8.8.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-devel-2.1.148-8.8.1.i586",
"product": {
"name": "libyang-devel-2.1.148-8.8.1.i586",
"product_id": "libyang-devel-2.1.148-8.8.1.i586"
}
},
{
"category": "product_version",
"name": "libyang2-2.1.148-8.8.1.i586",
"product": {
"name": "libyang2-2.1.148-8.8.1.i586",
"product_id": "libyang2-2.1.148-8.8.1.i586"
}
},
{
"category": "product_version",
"name": "yang-tools-2.1.148-8.8.1.i586",
"product": {
"name": "yang-tools-2.1.148-8.8.1.i586",
"product_id": "yang-tools-2.1.148-8.8.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-doc-2.1.148-8.8.1.noarch",
"product": {
"name": "libyang-doc-2.1.148-8.8.1.noarch",
"product_id": "libyang-doc-2.1.148-8.8.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-devel-2.1.148-8.8.1.ppc64le",
"product": {
"name": "libyang-devel-2.1.148-8.8.1.ppc64le",
"product_id": "libyang-devel-2.1.148-8.8.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libyang2-2.1.148-8.8.1.ppc64le",
"product": {
"name": "libyang2-2.1.148-8.8.1.ppc64le",
"product_id": "libyang2-2.1.148-8.8.1.ppc64le"
}
},
{
"category": "product_version",
"name": "yang-tools-2.1.148-8.8.1.ppc64le",
"product": {
"name": "yang-tools-2.1.148-8.8.1.ppc64le",
"product_id": "yang-tools-2.1.148-8.8.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-devel-2.1.148-8.8.1.s390",
"product": {
"name": "libyang-devel-2.1.148-8.8.1.s390",
"product_id": "libyang-devel-2.1.148-8.8.1.s390"
}
},
{
"category": "product_version",
"name": "libyang2-2.1.148-8.8.1.s390",
"product": {
"name": "libyang2-2.1.148-8.8.1.s390",
"product_id": "libyang2-2.1.148-8.8.1.s390"
}
},
{
"category": "product_version",
"name": "yang-tools-2.1.148-8.8.1.s390",
"product": {
"name": "yang-tools-2.1.148-8.8.1.s390",
"product_id": "yang-tools-2.1.148-8.8.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-devel-2.1.148-8.8.1.s390x",
"product": {
"name": "libyang-devel-2.1.148-8.8.1.s390x",
"product_id": "libyang-devel-2.1.148-8.8.1.s390x"
}
},
{
"category": "product_version",
"name": "libyang2-2.1.148-8.8.1.s390x",
"product": {
"name": "libyang2-2.1.148-8.8.1.s390x",
"product_id": "libyang2-2.1.148-8.8.1.s390x"
}
},
{
"category": "product_version",
"name": "yang-tools-2.1.148-8.8.1.s390x",
"product": {
"name": "yang-tools-2.1.148-8.8.1.s390x",
"product_id": "yang-tools-2.1.148-8.8.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-devel-2.1.148-8.8.1.x86_64",
"product": {
"name": "libyang-devel-2.1.148-8.8.1.x86_64",
"product_id": "libyang-devel-2.1.148-8.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "libyang2-2.1.148-8.8.1.x86_64",
"product": {
"name": "libyang2-2.1.148-8.8.1.x86_64",
"product_id": "libyang2-2.1.148-8.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "yang-tools-2.1.148-8.8.1.x86_64",
"product": {
"name": "yang-tools-2.1.148-8.8.1.x86_64",
"product_id": "yang-tools-2.1.148-8.8.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.148-8.8.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.aarch64"
},
"product_reference": "libyang2-2.1.148-8.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.148-8.8.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.ppc64le"
},
"product_reference": "libyang2-2.1.148-8.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.148-8.8.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.s390x"
},
"product_reference": "libyang2-2.1.148-8.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.148-8.8.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.x86_64"
},
"product_reference": "libyang2-2.1.148-8.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.148-8.8.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.aarch64"
},
"product_reference": "libyang2-2.1.148-8.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.148-8.8.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.ppc64le"
},
"product_reference": "libyang2-2.1.148-8.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.148-8.8.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.s390x"
},
"product_reference": "libyang2-2.1.148-8.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.148-8.8.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.x86_64"
},
"product_reference": "libyang2-2.1.148-8.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.148-8.8.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libyang2-2.1.148-8.8.1.x86_64"
},
"product_reference": "libyang2-2.1.148-8.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-41401",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41401"
}
],
"notes": [
{
"category": "general",
"text": "libyang before 5.2.6 contains a heap use-after-free write vulnerability in lyd_parser_set_data_flags that incorrectly updates metadata list pointers when freeing non-head default metadata entries. Attackers can trigger this vulnerability by submitting crafted YANG XML documents with specific metadata attributes to applications parsing untrusted XML data, causing process crashes or potential code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libyang2-2.1.148-8.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41401",
"url": "https://www.suse.com/security/cve/CVE-2026-41401"
},
{
"category": "external",
"summary": "SUSE Bug 1266316 for CVE-2026-41401",
"url": "https://bugzilla.suse.com/1266316"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libyang2-2.1.148-8.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libyang2-2.1.148-8.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:42:41Z",
"details": "important"
}
],
"title": "CVE-2026-41401"
},
{
"cve": "CVE-2026-44673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-44673"
}
],
"notes": [
{
"category": "general",
"text": "libyang is a YANG data modeling language library. Prior to SO 5.2.15, lyb_read_string() in src/parser_lyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciously crafted LYB binary blob. An attacker who can supply LYB data to any libyang consumer (NETCONF server, sysrepo, etc.) can trigger a crash or potential heap corruption. This vulnerability is fixed in SO 5.2.15.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libyang2-2.1.148-8.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-44673",
"url": "https://www.suse.com/security/cve/CVE-2026-44673"
},
{
"category": "external",
"summary": "SUSE Bug 1265330 for CVE-2026-44673",
"url": "https://bugzilla.suse.com/1265330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libyang2-2.1.148-8.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libyang2-2.1.148-8.8.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libyang2-2.1.148-8.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:42:41Z",
"details": "important"
}
],
"title": "CVE-2026-44673"
}
]
}
SUSE-SU-2026:2335-1
Vulnerability from csaf_suse - Published: 2026-06-10 08:43 - Updated: 2026-06-10 08:43Summary
Security update for libyang
Severity
Important
Notes
Title of the patch: Security update for libyang
Description of the patch: This update for libyang fixes the following issues
- CVE-2026-41401: use-after-free in `lyd_parser_set_data_flags` when processing crafted YANG XML documents with specific
metadata attributes (bsc#1266316).
- CVE-2026-44673: integer overflow in `lyb_read_string()` of `src/parser_lyb.c` leads to heap buffer overflow when
parsing a maliciously crafted LYB binary blob (bsc#1265330).
Patchnames: SUSE-2026-2335,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2335,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2335,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2335,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2335,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2335,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2335
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.1 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libyang2-2.1.55-150500.3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libyang2-2.1.55-150500.3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:libyang2-2.1.55-150500.3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:libyang2-2.1.55-150500.3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:libyang2-2.1.55-150500.3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:libyang2-2.1.55-150500.3.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.6 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libyang2-2.1.55-150500.3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libyang2-2.1.55-150500.3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:libyang2-2.1.55-150500.3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:libyang2-2.1.55-150500.3.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:libyang2-2.1.55-150500.3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:libyang2-2.1.55-150500.3.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libyang",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libyang fixes the following issues\n\n- CVE-2026-41401: use-after-free in `lyd_parser_set_data_flags` when processing crafted YANG XML documents with specific\n metadata attributes (bsc#1266316).\n- CVE-2026-44673: integer overflow in `lyb_read_string()` of `src/parser_lyb.c` leads to heap buffer overflow when\n parsing a maliciously crafted LYB binary blob (bsc#1265330).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-2335,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2335,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2335,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2335,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2335,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2335,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2335",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_2335-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:2335-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262335-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:2335-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026682.html"
},
{
"category": "self",
"summary": "SUSE Bug 1265330",
"url": "https://bugzilla.suse.com/1265330"
},
{
"category": "self",
"summary": "SUSE Bug 1266316",
"url": "https://bugzilla.suse.com/1266316"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41401 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41401/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-44673 page",
"url": "https://www.suse.com/security/cve/CVE-2026-44673/"
}
],
"title": "Security update for libyang",
"tracking": {
"current_release_date": "2026-06-10T08:43:17Z",
"generator": {
"date": "2026-06-10T08:43:17Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:2335-1",
"initial_release_date": "2026-06-10T08:43:17Z",
"revision_history": [
{
"date": "2026-06-10T08:43:17Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libyang-devel-2.1.55-150500.3.5.1.aarch64",
"product": {
"name": "libyang-devel-2.1.55-150500.3.5.1.aarch64",
"product_id": "libyang-devel-2.1.55-150500.3.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "libyang2-2.1.55-150500.3.5.1.aarch64",
"product": {
"name": "libyang2-2.1.55-150500.3.5.1.aarch64",
"product_id": "libyang2-2.1.55-150500.3.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "yang-tools-2.1.55-150500.3.5.1.aarch64",
"product": {
"name": "yang-tools-2.1.55-150500.3.5.1.aarch64",
"product_id": "yang-tools-2.1.55-150500.3.5.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-devel-2.1.55-150500.3.5.1.i586",
"product": {
"name": "libyang-devel-2.1.55-150500.3.5.1.i586",
"product_id": "libyang-devel-2.1.55-150500.3.5.1.i586"
}
},
{
"category": "product_version",
"name": "libyang2-2.1.55-150500.3.5.1.i586",
"product": {
"name": "libyang2-2.1.55-150500.3.5.1.i586",
"product_id": "libyang2-2.1.55-150500.3.5.1.i586"
}
},
{
"category": "product_version",
"name": "yang-tools-2.1.55-150500.3.5.1.i586",
"product": {
"name": "yang-tools-2.1.55-150500.3.5.1.i586",
"product_id": "yang-tools-2.1.55-150500.3.5.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-doc-2.1.55-150500.3.5.1.noarch",
"product": {
"name": "libyang-doc-2.1.55-150500.3.5.1.noarch",
"product_id": "libyang-doc-2.1.55-150500.3.5.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-devel-2.1.55-150500.3.5.1.ppc64le",
"product": {
"name": "libyang-devel-2.1.55-150500.3.5.1.ppc64le",
"product_id": "libyang-devel-2.1.55-150500.3.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libyang2-2.1.55-150500.3.5.1.ppc64le",
"product": {
"name": "libyang2-2.1.55-150500.3.5.1.ppc64le",
"product_id": "libyang2-2.1.55-150500.3.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "yang-tools-2.1.55-150500.3.5.1.ppc64le",
"product": {
"name": "yang-tools-2.1.55-150500.3.5.1.ppc64le",
"product_id": "yang-tools-2.1.55-150500.3.5.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-devel-2.1.55-150500.3.5.1.s390x",
"product": {
"name": "libyang-devel-2.1.55-150500.3.5.1.s390x",
"product_id": "libyang-devel-2.1.55-150500.3.5.1.s390x"
}
},
{
"category": "product_version",
"name": "libyang2-2.1.55-150500.3.5.1.s390x",
"product": {
"name": "libyang2-2.1.55-150500.3.5.1.s390x",
"product_id": "libyang2-2.1.55-150500.3.5.1.s390x"
}
},
{
"category": "product_version",
"name": "yang-tools-2.1.55-150500.3.5.1.s390x",
"product": {
"name": "yang-tools-2.1.55-150500.3.5.1.s390x",
"product_id": "yang-tools-2.1.55-150500.3.5.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-devel-2.1.55-150500.3.5.1.x86_64",
"product": {
"name": "libyang-devel-2.1.55-150500.3.5.1.x86_64",
"product_id": "libyang-devel-2.1.55-150500.3.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libyang2-2.1.55-150500.3.5.1.x86_64",
"product": {
"name": "libyang2-2.1.55-150500.3.5.1.x86_64",
"product_id": "libyang2-2.1.55-150500.3.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "yang-tools-2.1.55-150500.3.5.1.x86_64",
"product": {
"name": "yang-tools-2.1.55-150500.3.5.1.x86_64",
"product_id": "yang-tools-2.1.55-150500.3.5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.55-150500.3.5.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libyang2-2.1.55-150500.3.5.1.aarch64"
},
"product_reference": "libyang2-2.1.55-150500.3.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.55-150500.3.5.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libyang2-2.1.55-150500.3.5.1.x86_64"
},
"product_reference": "libyang2-2.1.55-150500.3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.55-150500.3.5.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.aarch64"
},
"product_reference": "libyang2-2.1.55-150500.3.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.55-150500.3.5.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.x86_64"
},
"product_reference": "libyang2-2.1.55-150500.3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.55-150500.3.5.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.aarch64"
},
"product_reference": "libyang2-2.1.55-150500.3.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.55-150500.3.5.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.ppc64le"
},
"product_reference": "libyang2-2.1.55-150500.3.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.55-150500.3.5.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.s390x"
},
"product_reference": "libyang2-2.1.55-150500.3.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.55-150500.3.5.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.x86_64"
},
"product_reference": "libyang2-2.1.55-150500.3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.55-150500.3.5.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.aarch64"
},
"product_reference": "libyang2-2.1.55-150500.3.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.55-150500.3.5.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.ppc64le"
},
"product_reference": "libyang2-2.1.55-150500.3.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.55-150500.3.5.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.s390x"
},
"product_reference": "libyang2-2.1.55-150500.3.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.55-150500.3.5.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.x86_64"
},
"product_reference": "libyang2-2.1.55-150500.3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.55-150500.3.5.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.aarch64"
},
"product_reference": "libyang2-2.1.55-150500.3.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.55-150500.3.5.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.ppc64le"
},
"product_reference": "libyang2-2.1.55-150500.3.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.55-150500.3.5.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.s390x"
},
"product_reference": "libyang2-2.1.55-150500.3.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.55-150500.3.5.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.x86_64"
},
"product_reference": "libyang2-2.1.55-150500.3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.55-150500.3.5.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.aarch64"
},
"product_reference": "libyang2-2.1.55-150500.3.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.55-150500.3.5.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.ppc64le"
},
"product_reference": "libyang2-2.1.55-150500.3.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.55-150500.3.5.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.s390x"
},
"product_reference": "libyang2-2.1.55-150500.3.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.55-150500.3.5.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.x86_64"
},
"product_reference": "libyang2-2.1.55-150500.3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.55-150500.3.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libyang2-2.1.55-150500.3.5.1.ppc64le"
},
"product_reference": "libyang2-2.1.55-150500.3.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.55-150500.3.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libyang2-2.1.55-150500.3.5.1.x86_64"
},
"product_reference": "libyang2-2.1.55-150500.3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.55-150500.3.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:libyang2-2.1.55-150500.3.5.1.ppc64le"
},
"product_reference": "libyang2-2.1.55-150500.3.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.55-150500.3.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:libyang2-2.1.55-150500.3.5.1.x86_64"
},
"product_reference": "libyang2-2.1.55-150500.3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-41401",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41401"
}
],
"notes": [
{
"category": "general",
"text": "libyang before 5.2.6 contains a heap use-after-free write vulnerability in lyd_parser_set_data_flags that incorrectly updates metadata list pointers when freeing non-head default metadata entries. Attackers can trigger this vulnerability by submitting crafted YANG XML documents with specific metadata attributes to applications parsing untrusted XML data, causing process crashes or potential code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libyang2-2.1.55-150500.3.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libyang2-2.1.55-150500.3.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libyang2-2.1.55-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libyang2-2.1.55-150500.3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libyang2-2.1.55-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libyang2-2.1.55-150500.3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41401",
"url": "https://www.suse.com/security/cve/CVE-2026-41401"
},
{
"category": "external",
"summary": "SUSE Bug 1266316 for CVE-2026-41401",
"url": "https://bugzilla.suse.com/1266316"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libyang2-2.1.55-150500.3.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libyang2-2.1.55-150500.3.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libyang2-2.1.55-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libyang2-2.1.55-150500.3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libyang2-2.1.55-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libyang2-2.1.55-150500.3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libyang2-2.1.55-150500.3.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libyang2-2.1.55-150500.3.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libyang2-2.1.55-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libyang2-2.1.55-150500.3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libyang2-2.1.55-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libyang2-2.1.55-150500.3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:43:17Z",
"details": "important"
}
],
"title": "CVE-2026-41401"
},
{
"cve": "CVE-2026-44673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-44673"
}
],
"notes": [
{
"category": "general",
"text": "libyang is a YANG data modeling language library. Prior to SO 5.2.15, lyb_read_string() in src/parser_lyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciously crafted LYB binary blob. An attacker who can supply LYB data to any libyang consumer (NETCONF server, sysrepo, etc.) can trigger a crash or potential heap corruption. This vulnerability is fixed in SO 5.2.15.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libyang2-2.1.55-150500.3.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libyang2-2.1.55-150500.3.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libyang2-2.1.55-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libyang2-2.1.55-150500.3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libyang2-2.1.55-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libyang2-2.1.55-150500.3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-44673",
"url": "https://www.suse.com/security/cve/CVE-2026-44673"
},
{
"category": "external",
"summary": "SUSE Bug 1265330 for CVE-2026-44673",
"url": "https://bugzilla.suse.com/1265330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libyang2-2.1.55-150500.3.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libyang2-2.1.55-150500.3.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libyang2-2.1.55-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libyang2-2.1.55-150500.3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libyang2-2.1.55-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libyang2-2.1.55-150500.3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libyang2-2.1.55-150500.3.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libyang2-2.1.55-150500.3.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libyang2-2.1.55-150500.3.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libyang2-2.1.55-150500.3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libyang2-2.1.55-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libyang2-2.1.55-150500.3.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libyang2-2.1.55-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libyang2-2.1.55-150500.3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:43:17Z",
"details": "important"
}
],
"title": "CVE-2026-44673"
}
]
}
SUSE-SU-2026:2337-1
Vulnerability from csaf_suse - Published: 2026-06-10 08:43 - Updated: 2026-06-10 08:43Summary
Security update for libyang
Severity
Important
Notes
Title of the patch: Security update for libyang
Description of the patch: This update for libyang fixes the following issues
- CVE-2026-41401: use-after-free in `lyd_parser_set_data_flags` when processing crafted YANG XML documents with specific
metadata attributes (bsc#1266316).
- CVE-2026-44673: integer overflow in `lyb_read_string()` of `src/parser_lyb.c` leads to heap buffer overflow when
parsing a maliciously crafted LYB binary blob (bsc#1265330).
Patchnames: SUSE-2026-2337,SUSE-SLE-Module-Server-Applications-15-SP7-2026-2337
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.6 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libyang",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libyang fixes the following issues\n\n- CVE-2026-41401: use-after-free in `lyd_parser_set_data_flags` when processing crafted YANG XML documents with specific\n metadata attributes (bsc#1266316).\n- CVE-2026-44673: integer overflow in `lyb_read_string()` of `src/parser_lyb.c` leads to heap buffer overflow when\n parsing a maliciously crafted LYB binary blob (bsc#1265330).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-2337,SUSE-SLE-Module-Server-Applications-15-SP7-2026-2337",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_2337-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:2337-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262337-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:2337-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026681.html"
},
{
"category": "self",
"summary": "SUSE Bug 1265330",
"url": "https://bugzilla.suse.com/1265330"
},
{
"category": "self",
"summary": "SUSE Bug 1266316",
"url": "https://bugzilla.suse.com/1266316"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41401 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41401/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-44673 page",
"url": "https://www.suse.com/security/cve/CVE-2026-44673/"
}
],
"title": "Security update for libyang",
"tracking": {
"current_release_date": "2026-06-10T08:43:47Z",
"generator": {
"date": "2026-06-10T08:43:47Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:2337-1",
"initial_release_date": "2026-06-10T08:43:47Z",
"revision_history": [
{
"date": "2026-06-10T08:43:47Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libyang-devel-2.1.148-150700.3.5.1.aarch64",
"product": {
"name": "libyang-devel-2.1.148-150700.3.5.1.aarch64",
"product_id": "libyang-devel-2.1.148-150700.3.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "libyang2-2.1.148-150700.3.5.1.aarch64",
"product": {
"name": "libyang2-2.1.148-150700.3.5.1.aarch64",
"product_id": "libyang2-2.1.148-150700.3.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "yang-tools-2.1.148-150700.3.5.1.aarch64",
"product": {
"name": "yang-tools-2.1.148-150700.3.5.1.aarch64",
"product_id": "yang-tools-2.1.148-150700.3.5.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-devel-2.1.148-150700.3.5.1.i586",
"product": {
"name": "libyang-devel-2.1.148-150700.3.5.1.i586",
"product_id": "libyang-devel-2.1.148-150700.3.5.1.i586"
}
},
{
"category": "product_version",
"name": "libyang2-2.1.148-150700.3.5.1.i586",
"product": {
"name": "libyang2-2.1.148-150700.3.5.1.i586",
"product_id": "libyang2-2.1.148-150700.3.5.1.i586"
}
},
{
"category": "product_version",
"name": "yang-tools-2.1.148-150700.3.5.1.i586",
"product": {
"name": "yang-tools-2.1.148-150700.3.5.1.i586",
"product_id": "yang-tools-2.1.148-150700.3.5.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-doc-2.1.148-150700.3.5.1.noarch",
"product": {
"name": "libyang-doc-2.1.148-150700.3.5.1.noarch",
"product_id": "libyang-doc-2.1.148-150700.3.5.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-devel-2.1.148-150700.3.5.1.ppc64le",
"product": {
"name": "libyang-devel-2.1.148-150700.3.5.1.ppc64le",
"product_id": "libyang-devel-2.1.148-150700.3.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libyang2-2.1.148-150700.3.5.1.ppc64le",
"product": {
"name": "libyang2-2.1.148-150700.3.5.1.ppc64le",
"product_id": "libyang2-2.1.148-150700.3.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "yang-tools-2.1.148-150700.3.5.1.ppc64le",
"product": {
"name": "yang-tools-2.1.148-150700.3.5.1.ppc64le",
"product_id": "yang-tools-2.1.148-150700.3.5.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-devel-2.1.148-150700.3.5.1.s390x",
"product": {
"name": "libyang-devel-2.1.148-150700.3.5.1.s390x",
"product_id": "libyang-devel-2.1.148-150700.3.5.1.s390x"
}
},
{
"category": "product_version",
"name": "libyang2-2.1.148-150700.3.5.1.s390x",
"product": {
"name": "libyang2-2.1.148-150700.3.5.1.s390x",
"product_id": "libyang2-2.1.148-150700.3.5.1.s390x"
}
},
{
"category": "product_version",
"name": "yang-tools-2.1.148-150700.3.5.1.s390x",
"product": {
"name": "yang-tools-2.1.148-150700.3.5.1.s390x",
"product_id": "yang-tools-2.1.148-150700.3.5.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libyang-devel-2.1.148-150700.3.5.1.x86_64",
"product": {
"name": "libyang-devel-2.1.148-150700.3.5.1.x86_64",
"product_id": "libyang-devel-2.1.148-150700.3.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "libyang2-2.1.148-150700.3.5.1.x86_64",
"product": {
"name": "libyang2-2.1.148-150700.3.5.1.x86_64",
"product_id": "libyang2-2.1.148-150700.3.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "yang-tools-2.1.148-150700.3.5.1.x86_64",
"product": {
"name": "yang-tools-2.1.148-150700.3.5.1.x86_64",
"product_id": "yang-tools-2.1.148-150700.3.5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP7",
"product_id": "SUSE Linux Enterprise Server 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP7",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP7",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.148-150700.3.5.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.aarch64"
},
"product_reference": "libyang2-2.1.148-150700.3.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.148-150700.3.5.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.ppc64le"
},
"product_reference": "libyang2-2.1.148-150700.3.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.148-150700.3.5.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.s390x"
},
"product_reference": "libyang2-2.1.148-150700.3.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyang2-2.1.148-150700.3.5.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.x86_64"
},
"product_reference": "libyang2-2.1.148-150700.3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-41401",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41401"
}
],
"notes": [
{
"category": "general",
"text": "libyang before 5.2.6 contains a heap use-after-free write vulnerability in lyd_parser_set_data_flags that incorrectly updates metadata list pointers when freeing non-head default metadata entries. Attackers can trigger this vulnerability by submitting crafted YANG XML documents with specific metadata attributes to applications parsing untrusted XML data, causing process crashes or potential code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41401",
"url": "https://www.suse.com/security/cve/CVE-2026-41401"
},
{
"category": "external",
"summary": "SUSE Bug 1266316 for CVE-2026-41401",
"url": "https://bugzilla.suse.com/1266316"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:43:47Z",
"details": "important"
}
],
"title": "CVE-2026-41401"
},
{
"cve": "CVE-2026-44673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-44673"
}
],
"notes": [
{
"category": "general",
"text": "libyang is a YANG data modeling language library. Prior to SO 5.2.15, lyb_read_string() in src/parser_lyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciously crafted LYB binary blob. An attacker who can supply LYB data to any libyang consumer (NETCONF server, sysrepo, etc.) can trigger a crash or potential heap corruption. This vulnerability is fixed in SO 5.2.15.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-44673",
"url": "https://www.suse.com/security/cve/CVE-2026-44673"
},
{
"category": "external",
"summary": "SUSE Bug 1265330 for CVE-2026-44673",
"url": "https://bugzilla.suse.com/1265330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:libyang2-2.1.148-150700.3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:43:47Z",
"details": "important"
}
],
"title": "CVE-2026-44673"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…