CVE-2023-26917
📋 TL;DR
This vulnerability is a NULL pointer dereference in libyang's lysp_stmt_validate_value function that can cause denial of service (crash) when processing malicious YANG data. It affects systems using libyang versions 2.0.164 through 2.1.30 for network configuration management. The vulnerability requires an attacker to provide specially crafted YANG data to trigger the crash.
💻 Affected Systems
- libyang
- Systems using libyang library (network management tools, SDN controllers, NETCONF/YANG implementations)
📦 What is this software?
libyang by CESNET: the YANG library used by network management tools, SDN controllers and NETCONF/YANG implementations for network configuration management.
⚠️ Risk & Real-World Impact
Worst Case
Complete service disruption through repeated crashes of applications using libyang, potentially affecting network device management and configuration systems.
Likely Case
Denial of service through application crashes when processing malicious YANG data, requiring service restarts.
If Mitigated
Limited impact with proper input validation and crash recovery mechanisms in place.
🎯 Exploit Status
Exploitation requires crafting specific YANG data to trigger the NULL pointer dereference. No public exploit code has been identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.1.31 and later
Vendor Advisory: https://github.com/CESNET/libyang/issues/1987
Restart Required: Yes
Instructions:
1. Update libyang to version 2.1.31 or later.
2. Recompile any applications using libyang.
3. Restart services using the updated library.
🔧 Temporary Workarounds
Input Validation
Implement strict input validation for YANG data before passing it to libyang functions.
Process Isolation
Run libyang processing in isolated containers or processes with crash recovery, so that a crash takes down only the worker rather than the whole management service.
🧯 If You Can't Patch
- Implement network segmentation to limit YANG data sources to trusted systems only
- Deploy monitoring and alerting for application crashes related to libyang processing
🔍 How to Verify
Check if Vulnerable:
You are vulnerable if the installed libyang version is between 2.0.164 and 2.1.30 inclusive. Read the version with pkg-config --modversion libyang or yanglint --version, or look up the installed package version with your distribution's package manager.
Check Version:
pkg-config --modversion libyang || yanglint --version, falling back to the package manager when neither tool is present (e.g. dpkg -l | grep libyang on Debian/Ubuntu, rpm -qa | grep libyang on RHEL/Fedora)
Verify Fix Applied:
Confirm that the reported libyang version is 2.1.31 or later, that applications linked against it were rebuilt and restarted, and then exercise normal YANG data processing to confirm the service still works.
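The version check above as a runnable script, added here as an example and not part of the advisory or of the libyang project: it reads the installed version with the same tools the advisory lists (pkg-config, then yanglint) and compares it numerically against the affected range 2.0.164 through 2.1.30, because a plain string comparison would rank 2.1.4 above 2.1.30. The function names vercmp, is_vulnerable, installed_version and check_version, and the file name check_libyang.sh, are this example's own.

```shell
#!/bin/sh
# Added example (not from the advisory or the libyang project): decide whether
# an installed libyang version lies in the affected range 2.0.164 .. 2.1.30.

# vercmp A B: compare dotted numeric versions field by field and print
# -1, 0 or 1. Numeric comparison is required: as strings, "2.1.4" > "2.1.30".
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            ai = (i <= na) ? x[i] + 0 : 0
            bi = (i <= nb) ? y[i] + 0 : 0
            if (ai < bi) { print "-1"; exit }
            if (ai > bi) { print "1"; exit }
        }
        print "0"
    }'
}

# is_vulnerable VERSION: succeed when 2.0.164 <= VERSION <= 2.1.30.
is_vulnerable() {
    [ "$(vercmp "$1" 2.0.164)" -ge 0 ] && [ "$(vercmp "$1" 2.1.30)" -le 0 ]
}

# installed_version: best-effort read of the local libyang version using the
# tools the advisory lists (pkg-config first, then yanglint). Prints nothing
# when neither is available.
installed_version() {
    pkg-config --modversion libyang 2>/dev/null && return 0
    yanglint --version 2>/dev/null | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# check_version [VERSION]: report on VERSION, or on the installed library when
# no argument is given. Exit status: 0 not affected, 1 affected, 2 unknown.
check_version() {
    v=${1:-$(installed_version || true)}
    if [ -z "$v" ]; then
        echo "libyang version could not be determined; check the package manager"
        return 2
    fi
    if is_vulnerable "$v"; then
        echo "libyang $v is affected by CVE-2023-26917 (fixed in 2.1.31)"
        return 1
    fi
    echo "libyang $v is outside the affected range"
    return 0
}

# Runs only when invoked as check_libyang.sh (assumed file name), so the
# functions can also be sourced into another script without side effects:
#   sh check_libyang.sh           checks the installed library
#   sh check_libyang.sh 2.1.30    checks a given version string
case "$0" in
    *check_libyang.sh) check_version "$@" ;;
esac
```

The exit status mirrors the message, so the script can gate a deployment pipeline or a fleet-wide inventory run without parsing its output.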
📡 Detection & Monitoring
Log Indicators:
- Segmentation fault or crash logs from applications using libyang
- Unexpected process termination of YANG/NETCONF services
Network Indicators:
- Unusual YANG data patterns or repeated connection attempts to YANG services
SIEM Query:
process.name: *yang* AND (event.type: "crash" OR "segmentation fault")
The parentheses are required: written without them, the trailing OR stands on its own and the query matches every event containing "segmentation fault", whatever the process.
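The log indicators and SIEM query above as a small matcher over constructed log lines, added as an example and not from the advisory: a line counts only when it names a YANG/NETCONF process or library AND carries a segfault marker, the same grouping the query needs so that a segfault from an unrelated daemon, or a yanglint line with no crash, does not fire. The sample journal, the service name yang-agent.service, the process netconf-worker, and the file name libyang_crash_scan.sh are constructed; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the advisory): match crash log lines attributable to
# a libyang-using process, with the AND/OR grouping the SIEM query relies on.

# is_libyang_crash LINE: succeed only when LINE names a YANG/NETCONF process or
# library AND carries a segfault marker. Matching is case-insensitive.
is_libyang_crash() {
    lower=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case "$lower" in
        *yang*|*netconf*) ;;
        *) return 1 ;;
    esac
    case "$lower" in
        *segfault*|*"segmentation fault"*|*sigsegv*|*"status=11/segv"*) return 0 ;;
        *) return 1 ;;
    esac
}

# count_libyang_crashes: read log lines on stdin and print how many match.
count_libyang_crashes() {
    n=0
    while IFS= read -r line; do
        if is_libyang_crash "$line"; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Constructed sample journal (not real logs; host, PIDs, addresses and the
# yang-agent / netconf-worker names are placeholders). Lines 1, 2 and 5 are
# crashes of YANG-related processes; line 4 is a segfault elsewhere and line 6
# is a normal yanglint message, so neither should match.
SAMPLE_LOG='Jan 01 10:00:01 host kernel: yanglint[4321]: segfault at 0 ip 00007f0000001000 sp 00007ffc00000000 error 4 in libyang.so.2[7f0000000000+100000]
Jan 01 10:00:02 host systemd[1]: yang-agent.service: Main process exited, code=killed, status=11/SEGV
Jan 01 10:00:03 host sshd[100]: Accepted publickey for ops from 192.0.2.10 port 51514
Jan 01 10:00:04 host kernel: otherd[77]: segfault at 8 ip 00007f0000002000 sp 00007ffc00000100 error 4 in libc.so.6[7f0000000000+100000]
Jan 01 10:00:05 host netconf-worker[555]: Segmentation fault while loading YANG module
Jan 01 10:00:06 host yanglint[4400]: validated module ietf-interfaces'

# Runs only when invoked as libyang_crash_scan.sh (assumed file name); prints
# the number of matching lines in the sample, which is 3.
case "$0" in
    *libyang_crash_scan.sh) printf '%s\n' "$SAMPLE_LOG" | count_libyang_crashes ;;
esac
```

To use it on a live host, pipe the journal in instead of the sample (for example journalctl -k and the service's own log), and alert when the count rises between two runs; the first kernel line shows the shape to expect for a NULL dereference, a fault at address 0 with libyang named in the backtrace.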