Critical libyang Vulnerability in Ubuntu Leads to Denial of Service Risk

A critical vulnerability has been identified in libyang, a parser toolkit for IETF YANG data modeling, affecting Ubuntu 26.04 LTS and 25.10. The flaw arises from improper handling of metadata list pointers, which could allow an attacker to crash the service or potentially execute arbitrary code. This vulnerability poses a significant denial of service threat if exploited via specially crafted network traffic. Users are advised to update their systems to the latest package versions to mitigate the risk. The affected versions include libyang3 3.13.6-1ubuntu0.1 for Ubuntu 26.04 and libyang3 3.13.5-2ubuntu0.1 for Ubuntu 25.10. A standard system update is recommended to apply the necessary changes. The vulnerability has been documented in Ubuntu Security Notice USN-8485-1.

Key Points: • libyang vulnerability could lead to denial of service or arbitrary code execution. • Affected systems include Ubuntu 26.04 LTS and 25.10 with specific libyang versions. • Users are urged to update their systems to mitigate the risk.