alpine · CVE-2021-28904

Quick triage

Priority: high Published: Updated:

View at Official alpine advisory, NVD, CVE.org · CVE detail

Freshness: no update timestamp found; verify against the upstream OS advisory manually.

Tracker summary

CVE-2021-28904: 1 source package rows (libyang); 1 state rows across 1 repos (edge-community); fixed 1, open 0.

Description:

In function ext_get_plugin() in libyang <= v1.0.225, it doesn't check whether the value of revision is NULL. If revision is NULL, the operation of strcmp(revision, ext_plugins[u].revision) will lead to a crash.

cvelogic Threat Intelligence