ID CVE-2018-19797
Summary In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.
References
Vulnerable Configurations
  • cpe:2.3:a:sass-lang:libsass:3.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:sass-lang:libsass:3.5.5:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 23-07-2019 - 18:15)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
refmap via4
misc https://github.com/sass/libsass/issues/2779
suse
  • openSUSE-SU-2019:1791
  • openSUSE-SU-2019:1800
  • openSUSE-SU-2019:1883
Last major update 23-07-2019 - 18:15
Published 03-12-2018 - 06:29
Last modified 23-07-2019 - 18:15
Back to Top