ID CVE-2018-20190
Summary In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.
References
Vulnerable Configurations
  • cpe:2.3:a:sass-lang:libsass:3.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:sass-lang:libsass:3.5.5:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 23-07-2019 - 18:15)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
refmap via4
bid 106232
misc https://github.com/sass/libsass/issues/2786
suse
  • openSUSE-SU-2019:1791
  • openSUSE-SU-2019:1800
  • openSUSE-SU-2019:1883
Last major update 23-07-2019 - 18:15
Published 17-12-2018 - 20:29
Last modified 23-07-2019 - 18:15
Back to Top