VYPR
High severity 7.5 · NVD Advisory · Published May 14, 2026 · Updated May 15, 2026

CVE-2026-44673

Description

libyang is a YANG data modeling language library. Prior to SO 5.2.15, lyb_read_string() in src/parser_lyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciously crafted LYB binary blob. An attacker who can supply LYB data to any libyang consumer (NETCONF server, sysrepo, etc.) can trigger a crash or potential heap corruption. This vulnerability is fixed in SO 5.2.15.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Integer overflow in libyang's LYB parser leads to heap buffer overflow via crafted binary data, enabling crash or potential heap corruption.

Vulnerability

An integer overflow in lyb_read_string() in src/parser_lyb.c of libyang allows a heap buffer overflow when parsing a maliciously crafted LYB binary blob. The str_len field read from the input can be set to 0xFFFFFFFF, causing (str_len + 1) to wrap to 0, resulting in a zero-byte allocation via malloc(0) [1].

Exploitation

An attacker who can supply LYB data to any libyang consumer (e.g., a NETCONF server or sysrepo) can trigger the vulnerability without authentication. After the zero-byte allocation, the code performs a large memory copy (str_len * 8 bytes, which wraps to ~536 MB) and an unconditional out-of-bounds write of a null byte at offset 0xFFFFFFFF [1].
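
The length arithmetic described in the Vulnerability and Exploitation paragraphs, as an added illustration that is not libyang's code: a hypothetical, simplified LYB-style string record (4-byte little-endian length followed by the bytes; the real LYB layout is assumed to differ) is parsed by a hardened reader that bounds the declared length against the remaining input before any allocation, beside a helper that shows how 0xFFFFFFFF + 1 wraps to 0 in 32-bit arithmetic. The record layout, function names and sample blobs are all constructed for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical LYB-style string record (a simplification, not the real LYB
 * layout or libyang's code): 4-byte little-endian length, then the bytes. */

/* The vulnerable arithmetic: with a 32-bit str_len, 0xFFFFFFFF + 1 wraps to
 * 0, so the following malloc(0) cannot hold the bytes copied afterwards.
 * This helper only reports the wrapped size; it never allocates or copies. */
uint32_t wrapped_alloc_size(uint32_t str_len)
{
    return str_len + 1; /* 0xFFFFFFFF + 1 == 0 */
}

/* Hardened reader: bounds the length against the bytes actually remaining
 * before any size arithmetic and widens to size_t so the +1 cannot wrap.
 * Returns a malloc'd NUL-terminated copy, or NULL for a malformed record;
 * *consumed (if non-NULL) receives the number of input bytes used. */
char *read_string_checked(const uint8_t *buf, size_t buf_len, size_t *consumed)
{
    if (buf_len < 4) return NULL;
    uint32_t str_len = (uint32_t)buf[0] | ((uint32_t)buf[1] << 8) |
                       ((uint32_t)buf[2] << 16) | ((uint32_t)buf[3] << 24);
    /* declared length must fit in what remains: this rejects 0xFFFFFFFF
     * for any real input and makes the memcpy below bounded */
    if (str_len > buf_len - 4) return NULL;
    char *s = malloc((size_t)str_len + 1);
    if (!s) return NULL;
    memcpy(s, buf + 4, str_len);
    s[str_len] = '\0';
    if (consumed) *consumed = 4 + (size_t)str_len;
    return s;
}

/* Constructed samples: a valid 3-byte string, and a crafted record that
 * declares 0xFFFFFFFF bytes while carrying only one. */
static const uint8_t good_blob[] = {3, 0, 0, 0, 'a', 'b', 'c'};
static const uint8_t bad_blob[]  = {0xFF, 0xFF, 0xFF, 0xFF, 'x'};

int main(void)
{
    size_t used = 0;
    char *s = read_string_checked(good_blob, sizeof good_blob, &used);
    printf("valid: %s (%zu bytes)\n", s ? s : "(rejected)", used);
    free(s);
    printf("crafted: %s; wrapped size %u\n",
           read_string_checked(bad_blob, sizeof bad_blob, NULL) ? "accepted" : "rejected",
           wrapped_alloc_size(0xFFFFFFFFu));
    return 0;
}
```

The same remaining-bytes check is what a fuzzer-driven regression test for this bug class should assert on: a record whose declared length exceeds the input must be rejected before any allocation happens.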

Impact

Successful exploitation causes a crash due to accessing invalid memory or potential heap corruption, which may be leveraged for arbitrary code execution depending on the environment [1].

Mitigation

The vulnerability is fixed in libyang SO 5.2.15. All users should upgrade to this version or later. No workarounds are available [1].

AI Insight generated by deepseek/deepseek-v4-flash-20260423 on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0 (no patches discovered yet)

Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.

References: 1

News mentions: 0 (no linked articles in our index yet)