{"data":{"id":"371c817e-5b42-446a-9dd4-674b550f5734","title":"CVE-2026-44673: libyang is a YANG data modeling language library. Prior to SO 5.2.15, lyb_read_string() in src/parser_lyb.c contains an ","summary":"libyang is a library for working with YANG (a data modeling language used in network configuration). Before version 5.2.15, the lyb_read_string() function had an integer overflow vulnerability (where a number calculation wraps around and causes unexpected behavior), which could lead to a heap buffer overflow (writing data past the end of allocated memory) when processing malicious LYB binary data. An attacker who can send LYB data to systems using libyang could crash the program or corrupt memory.","solution":"This vulnerability is fixed in SO 5.2.15. Update libyang to version 5.2.15 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-44673","publishedAt":"2026-05-14T21:16:47.500Z","cveId":"CVE-2026-44673","cweIds":["CWE-190"],"cvssScore":"7.5","cvssSeverity":"high","severity":"high","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":[],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-14T21:16:47.500Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":null,"llmSpecific":false,"classifierConfidence":0.72,"researchCategory":null,"atlasIds":null}}