ANT-2026-TZQ1KH7E · libyang
Bug class: use-after-free · Severity: medium
Severity: Claude medium · Security research firm medium · Maintainer unknown
Discovered by Claude Mythos Preview
Anthropic's analysis, sealed at approval. Disclosure to the maintainer was performed by Trail of Bits.
ANT-2026-TZQ1KH7E: Heap use-after-free write in metadata list management during XML data parsing due to incorrect list head pointer update
A heap use-after-free write occurs in metadata list management during XML data parsing due to an incorrect update of the list head pointer.
Target
Project: libyang
Discovery: static analysis — not yet dynamically reproduced
Technical Details
During XML data parsing, the code managing the metadata linked list updates the list head pointer incorrectly, leaving a reference to freed heap memory that is subsequently written to.
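A minimal model of the failure mode described above, added here as an illustration; it is not libyang's code and not part of the analysis on this page. The struct, the function names and the specific wrong update (advancing the head as if the removed entry were first) are assumptions, and a `freed` flag stands in for `free()` so the dangling link can be checked without undefined behaviour.

```c
#include <stddef.h>
#include <string.h>

/* Constructed model of a singly linked metadata list (not libyang's types). */
struct meta {
    const char *name;
    struct meta *next;
    int freed; /* stand-in for free(): real code would release the node here */
};

/* Assumed buggy removal: advances the head as if the match were the first entry. */
static void remove_buggy(struct meta **head, const char *name) {
    for (struct meta *m = *head; m; m = m->next) {
        if (strcmp(m->name, name) == 0) {
            *head = (*head)->next; /* only correct when m == *head */
            m->freed = 1;
            return;
        }
    }
}

/* Corrected removal: rewrite whichever link actually points at the match. */
static void remove_fixed(struct meta **head, const char *name) {
    for (struct meta **link = head; *link; link = &(*link)->next) {
        if (strcmp((*link)->name, name) == 0) {
            struct meta *m = *link;
            *link = m->next; /* head changes only if the match was the head */
            m->freed = 1;
            return;
        }
    }
}

/* Invariant a regression test can assert: no freed node is reachable. */
static int reaches_freed(const struct meta *head) {
    for (; head; head = head->next)
        if (head->freed) return 1;
    return 0;
}

/* Build a -> default -> c, remove `victim`, report whether the list dangles. */
static int run_case(int use_fixed, const char *victim) {
    struct meta c = {"c", NULL, 0}, d = {"default", &c, 0}, a = {"a", &d, 0};
    struct meta *head = &a;
    if (use_fixed) remove_fixed(&head, victim); else remove_buggy(&head, victim);
    return reaches_freed(head);
}
```

Removing the head entry is safe in both variants; only a non-head removal leaves the buggy list pointing at a released node, which is why a test that deletes only the first entry would not catch it.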
Reproduction
This finding was identified by static analysis and has not yet been dynamically reproduced. The Technical Details section above describes the code path; a trigger input is not included.
[No reproducer or sanitizer output attached — request from cvd@anthropic.com if needed.]
Acknowledgement
This vulnerability was discovered by Claude, Anthropic's AI assistant, and triaged by the Anthropic security team in collaboration with Anthropic Research. Please direct questions to security-cvd@anthropic.com and reference ANT-2026-TZQ1KH7E.
Reference: ANT-2026-TZQ1KH7E
Anthropic CVD Policy: https://anthropic.com/security/cvd-policy
Triage and disclosure were performed by Trail of Bits. The writeup below is the document the firm sent to the maintainer.
Verdict: true positive
Severity: medium
Summary
A heap use-after-free write in libyang’s XML data parser can be triggered by a crafted YANG XML document with specific metadata attributes, leading to memory corruption (process crash, and potentially code execution in some deployments).
In lyd_parser_set_data_flags at src/parser_common.c:316-319, the metadata list head pointer is incorrectly updated when freeing a non-head "default" metadata entry.
Validated against: https://github.com/CESNET/libyang @ 6b5ed47ee674fbe86b31bbebc4ff26889aeff38c (devel)
Details and PoC
Build fuzzers:
git clone https://github.com/google/oss-fuzz.git
cd oss-fuzz
python3 infra/helper.py build_fuzzers --sanitizer address libyang
Run the PoC:
python3 infra/helper.py reproduce libyang lyd_parse_mem_xml poc.bin
Expected output: ASAN reports heap-use-after-free WRITE in lyd_insert_meta at tree_data.c:1313.
We have attached a zip containing:
- Full technical details of each finding
- Reproduction steps and proof-of-concept where applicable
- Candidate patch(es) with regression tests
Impact
Any application using libyang to parse attacker-controlled (or semi-trusted) XML-encoded YANG instance data (NETCONF/RESTCONF, config import, etc.) is impacted. That can lead to denial of service issues. Depending on allocator behavior and application heap layout, memory corruption could potentially be leveraged further.
Bug discovery context
Anthropic is conducting research into the use of large language models for automated vulnerability discovery in open source software. As part of that work, Anthropic used Claude to scan a set of widely used open source projects for security issues. Anthropic then engaged Trail of Bits to independently triage, manually validate, and develop patches for the findings. Each issue in this report has been reviewed and confirmed by human security researchers at Trail of Bits.
Thank you for your work on libyang!
Dates from discovery through public reveal.
- 2026-03-26 Patch released
- 2026-03-29 Reported to tracker
- 2026-05-07 Sent to maintainer
- 2026-05-09 Maintainer acknowledged
- 2026-05-20 Publicly revealed
SHA-3-512 hash:
e0d7ff03175cfb6f262ec1ce13576b26ab2125bf68ff4ba73e0038c768ad2a44514bb277f85c8737968bf040c411a277752967b60dfd39ae451244fd83ed6ad4
Committed 2026-05-07 00:01 PT
Revealed 2026-05-20 00:40 PT
Preimage JSON:
{
  "ant_id": "ANT-2026-TZQ1KH7E",
  "bug_class": "Use-After-Free",
  "claude_severity": "medium",
  "commit_sha": null,
  "created_at": "2026-03-29T20:43:15+00:00",
  "description": "A heap use-after-free write occurs in metadata list management during XML data parsing due to an incorrect update of the list head pointer.",
  "discovered_at": null,
  "location": null,
  "poc_sha256": null,
  "preimage_version": 1,
  "project": "libyang",
  "reproduction": null,
  "technical_details": "During XML data parsing, the code managing the metadata linked list updates the list head pointer incorrectly, leaving a reference to freed heap memory that is subsequently written to.",
  "title": "Heap use-after-free write in metadata list management during XML data parsing due to incorrect list head pointer update",
  "vendor_severity": "medium"
}