Impact
The reported flaw resides in the lyb_read_string() routine of the libyang library. An integer overflow occurs when the function processes a maliciously crafted LYB binary blob, and the wrapped value is then used for a memory operation, resulting in a heap buffer overflow. This can crash the application or, when adjacent heap memory is overwritten, corrupt critical data, potentially leading to denial of service or giving an attacker the ability to execute arbitrary code. The weakness is classified as CWE-190 (integer overflow or wraparound), here leading to an uncontrolled out-of-bounds heap write.
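The CWE-190 pattern behind this class of bug, as an added illustration that is not libyang's code: a length-prefixed string reader computes its allocation size as `len + 1` in 32-bit arithmetic, so a crafted length of 0xFFFFFFFF wraps to 0, the allocation is far too small, and the following copy writes past the heap buffer. The frame layout (4-byte little-endian length, then the bytes), the status enum and every function name below are assumptions made for this example; they are not libyang's real LYB encoding or its lyb_read_string() routine. The unchecked arithmetic is shown in isolation and never used to allocate; the hardened reader beside it bounds the length by the remaining input and guards the `+1` before touching memory.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Constructed illustration of CWE-190 in a length-prefixed string reader.
 * Frame layout (assumed for this example only): 4-byte little-endian length,
 * then that many bytes. Not libyang's LYB format, not lyb_read_string(). */

enum rd_status { RD_OK = 0, RD_TRUNCATED = 1, RD_OVERFLOW = 2, RD_NOMEM = 3 };

/* The unchecked arithmetic that produces the bug class: len + 1 is evaluated
 * in uint32_t, so a length of 0xFFFFFFFF wraps to 0. A malloc() of that size
 * followed by a copy of `len` bytes is the heap overflow described above.
 * Shown only to demonstrate the wrap; nothing here allocates with it. */
uint32_t unchecked_alloc_size(uint32_t len) {
    return len + 1; /* unchecked_alloc_size(UINT32_MAX) == 0 */
}

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Hardened reader: the length is validated against both the integer width
 * and the bytes actually remaining in the input before any allocation. */
enum rd_status read_string_checked(const uint8_t *buf, size_t buflen,
                                   char **out, size_t *consumed) {
    *out = NULL;
    if (buflen < 4) return RD_TRUNCATED;
    uint32_t len = read_le32(buf);
    /* Guard the +1 for the terminator explicitly; this is the wrap the
     * unchecked version misses. */
    if (len == UINT32_MAX) return RD_OVERFLOW;
    /* Never trust the header: the payload must fit in what was received. */
    if ((size_t)len > buflen - 4) return RD_TRUNCATED;
    size_t need = (size_t)len + 1; /* cannot overflow: len <= buflen - 4 */
    char *s = malloc(need);
    if (!s) return RD_NOMEM;
    memcpy(s, buf + 4, len);
    s[len] = '\0';
    *out = s;
    *consumed = 4 + (size_t)len;
    return RD_OK;
}

/* Constructed sample frames. */
static const uint8_t FRAME_OK[]    = {5, 0, 0, 0, 'h', 'e', 'l', 'l', 'o'};
static const uint8_t FRAME_WRAP[]  = {0xff, 0xff, 0xff, 0xff, 'x'};
static const uint8_t FRAME_SHORT[] = {16, 0, 0, 0, 'a', 'b', 'c'};

/* Returns 1 when the well-formed frame parses to "hello" using 9 bytes. */
int demo_well_formed(void) {
    char *s = NULL;
    size_t used = 0;
    enum rd_status st = read_string_checked(FRAME_OK, sizeof FRAME_OK, &s, &used);
    int ok = (st == RD_OK) && s && strcmp(s, "hello") == 0 && used == 9;
    free(s);
    return ok;
}

/* A header of 0xFFFFFFFF is rejected before any allocation. */
enum rd_status demo_wrapping_header(void) {
    char *s = NULL;
    size_t used = 0;
    return read_string_checked(FRAME_WRAP, sizeof FRAME_WRAP, &s, &used);
}

/* A header claiming more bytes than were received is rejected as truncated. */
enum rd_status demo_short_frame(void) {
    char *s = NULL;
    size_t used = 0;
    return read_string_checked(FRAME_SHORT, sizeof FRAME_SHORT, &s, &used);
}

int main(void) {
    printf("unchecked len+1 for 0xFFFFFFFF: %u\n", unchecked_alloc_size(UINT32_MAX));
    printf("well-formed frame ok: %d\n", demo_well_formed());
    printf("wrapping header status: %d\n", (int)demo_wrapping_header());
    printf("short frame status: %d\n", (int)demo_short_frame());
    return 0;
}
```

The same two checks generalise to any binary decoder: compare the declared length against the bytes remaining before allocating, and compute derived sizes in `size_t` after an explicit guard (or a checked-add builtin) rather than in the header's own integer width.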
Affected Systems
This vulnerability affects the CESNET libyang package in releases before the SO 5.2.15 release. Any program that depends on an unpatched libyang instance, for instance NETCONF servers, sysrepo instances, or other YANG-aware services, may be impacted. The fix is present in version 5.2.15 and later, so systems using an older release of this library should verify the installed version and upgrade promptly.
Risk and Exploitability
The CVSS score of 7.5 indicates high severity. EPSS data is not available, and the vulnerability is not currently listed in the CISA KEV catalog. Attackers who can supply LYB data to the affected program can trigger the overflow; in practice, this means that a remote entity could send malicious LYB payloads over a network protocol such as NETCONF or any other interface that accepts LYB data. The description does not enumerate attack-vector restrictions, but a remote vector is inferred to be plausible whenever the consuming service is network-exposed.
OpenCVE Enrichment