Vulnerabilites related to sass-lang - libsass
cve-2018-11697
Vulnerability from cvelistv5
Published
2018-06-04 06:00
Modified
2024-08-05 08:17
Severity ?
Summary
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
References
https://github.com/sass/libsass/issues/2656x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T08:17:08.987Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/sass/libsass/issues/2656",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-06-04T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-08-16T16:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/sass/libsass/issues/2656",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-11697",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/sass/libsass/issues/2656",
                     refsource: "MISC",
                     url: "https://github.com/sass/libsass/issues/2656",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-11697",
      datePublished: "2018-06-04T06:00:00",
      dateReserved: "2018-06-04T00:00:00",
      dateUpdated: "2024-08-05T08:17:08.987Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-20821
Vulnerability from cvelistv5
Published
2019-04-23 13:54
Modified
2024-08-05 12:12
Severity ?
Summary
The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).
References
https://github.com/sass/libsass/issues/2658x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.htmlvendor-advisory, x_refsource_SUSE
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T12:12:27.304Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/sass/libsass/issues/2658",
               },
               {
                  name: "openSUSE-SU-2019:1791",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
               },
               {
                  name: "openSUSE-SU-2019:1800",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
               },
               {
                  name: "openSUSE-SU-2019:1883",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-14T17:06:11",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/sass/libsass/issues/2658",
            },
            {
               name: "openSUSE-SU-2019:1791",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
            },
            {
               name: "openSUSE-SU-2019:1800",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
            },
            {
               name: "openSUSE-SU-2019:1883",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-20821",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/sass/libsass/issues/2658",
                     refsource: "MISC",
                     url: "https://github.com/sass/libsass/issues/2658",
                  },
                  {
                     name: "openSUSE-SU-2019:1791",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1800",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1883",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-20821",
      datePublished: "2019-04-23T13:54:07",
      dateReserved: "2019-04-23T00:00:00",
      dateUpdated: "2024-08-05T12:12:27.304Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-19837
Vulnerability from cvelistv5
Published
2018-12-04 09:00
Modified
2024-08-05 11:44
Severity ?
Summary
In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%' as a modulo operator in parser.cpp.
References
https://github.com/sass/libsass/issues/2659x_refsource_MISC
https://github.com/sass/libsass/commit/210fdff7a65370c2ae24e022a2b35da8c423cc5fx_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.htmlvendor-advisory, x_refsource_SUSE
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T11:44:20.721Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/sass/libsass/issues/2659",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/sass/libsass/commit/210fdff7a65370c2ae24e022a2b35da8c423cc5f",
               },
               {
                  name: "openSUSE-SU-2019:1791",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
               },
               {
                  name: "openSUSE-SU-2019:1800",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
               },
               {
                  name: "openSUSE-SU-2019:1883",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-12-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%' as a modulo operator in parser.cpp.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-14T17:06:12",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/sass/libsass/issues/2659",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/sass/libsass/commit/210fdff7a65370c2ae24e022a2b35da8c423cc5f",
            },
            {
               name: "openSUSE-SU-2019:1791",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
            },
            {
               name: "openSUSE-SU-2019:1800",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
            },
            {
               name: "openSUSE-SU-2019:1883",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-19837",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%' as a modulo operator in parser.cpp.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/sass/libsass/issues/2659",
                     refsource: "MISC",
                     url: "https://github.com/sass/libsass/issues/2659",
                  },
                  {
                     name: "https://github.com/sass/libsass/commit/210fdff7a65370c2ae24e022a2b35da8c423cc5f",
                     refsource: "MISC",
                     url: "https://github.com/sass/libsass/commit/210fdff7a65370c2ae24e022a2b35da8c423cc5f",
                  },
                  {
                     name: "openSUSE-SU-2019:1791",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1800",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1883",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-19837",
      datePublished: "2018-12-04T09:00:00",
      dateReserved: "2018-12-03T00:00:00",
      dateUpdated: "2024-08-05T11:44:20.721Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-6284
Vulnerability from cvelistv5
Published
2019-01-14 22:00
Modified
2024-08-04 20:16
Severity ?
Summary
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.
References
https://github.com/sass/libsass/issues/2816x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.htmlvendor-advisory, x_refsource_SUSE
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:16:24.648Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/sass/libsass/issues/2816",
               },
               {
                  name: "openSUSE-SU-2019:1791",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
               },
               {
                  name: "openSUSE-SU-2019:1800",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
               },
               {
                  name: "openSUSE-SU-2019:1883",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2019-01-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-14T17:06:12",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/sass/libsass/issues/2816",
            },
            {
               name: "openSUSE-SU-2019:1791",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
            },
            {
               name: "openSUSE-SU-2019:1800",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
            },
            {
               name: "openSUSE-SU-2019:1883",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-6284",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/sass/libsass/issues/2816",
                     refsource: "MISC",
                     url: "https://github.com/sass/libsass/issues/2816",
                  },
                  {
                     name: "openSUSE-SU-2019:1791",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1800",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1883",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-6284",
      datePublished: "2019-01-14T22:00:00",
      dateReserved: "2019-01-14T00:00:00",
      dateUpdated: "2024-08-04T20:16:24.648Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-6286
Vulnerability from cvelistv5
Published
2019-01-14 22:00
Modified
2024-08-04 20:16
Severity ?
Summary
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693.
References
https://github.com/sass/libsass/issues/2815x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.htmlvendor-advisory, x_refsource_SUSE
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:16:24.818Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/sass/libsass/issues/2815",
               },
               {
                  name: "openSUSE-SU-2019:1791",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
               },
               {
                  name: "openSUSE-SU-2019:1800",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
               },
               {
                  name: "openSUSE-SU-2019:1883",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2019-01-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-14T17:06:12",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/sass/libsass/issues/2815",
            },
            {
               name: "openSUSE-SU-2019:1791",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
            },
            {
               name: "openSUSE-SU-2019:1800",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
            },
            {
               name: "openSUSE-SU-2019:1883",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-6286",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/sass/libsass/issues/2815",
                     refsource: "MISC",
                     url: "https://github.com/sass/libsass/issues/2815",
                  },
                  {
                     name: "openSUSE-SU-2019:1791",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1800",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1883",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-6286",
      datePublished: "2019-01-14T22:00:00",
      dateReserved: "2019-01-14T00:00:00",
      dateUpdated: "2024-08-04T20:16:24.818Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-43358
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-10-03 14:34
Severity ?
Summary
Stack overflow vulnerability in ast_selectors.cpp: in function Sass::ComplexSelector::has_placeholder in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS).
References
https://github.com/sass/libsass
https://drive.google.com/file/d/1j5fkPjWH9zQeTdO_4dMcZ-FpOBzP0MaI/
https://github.com/sass/libsass/issues/3178
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T13:26:02.915Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/sass/libsass",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://drive.google.com/file/d/1j5fkPjWH9zQeTdO_4dMcZ-FpOBzP0MaI/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/sass/libsass/issues/3178",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-43358",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-03T14:34:37.549574Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-03T14:34:45.835Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Stack overflow vulnerability in ast_selectors.cpp: in function Sass::ComplexSelector::has_placeholder in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-08-22T15:45:38.689183",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://github.com/sass/libsass",
            },
            {
               url: "https://drive.google.com/file/d/1j5fkPjWH9zQeTdO_4dMcZ-FpOBzP0MaI/",
            },
            {
               url: "https://github.com/sass/libsass/issues/3178",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-43358",
      datePublished: "2023-08-22T00:00:00",
      dateReserved: "2022-10-17T00:00:00",
      dateUpdated: "2024-10-03T14:34:45.835Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-19827
Vulnerability from cvelistv5
Published
2018-12-03 19:00
Modified
2024-08-05 11:44
Severity ?
Summary
In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.
References
https://github.com/sass/libsass/issues/2782x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.htmlvendor-advisory, x_refsource_SUSE
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T11:44:20.494Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/sass/libsass/issues/2782",
               },
               {
                  name: "openSUSE-SU-2019:1791",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
               },
               {
                  name: "openSUSE-SU-2019:1800",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
               },
               {
                  name: "openSUSE-SU-2019:1883",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-12-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-14T17:06:12",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/sass/libsass/issues/2782",
            },
            {
               name: "openSUSE-SU-2019:1791",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
            },
            {
               name: "openSUSE-SU-2019:1800",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
            },
            {
               name: "openSUSE-SU-2019:1883",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-19827",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/sass/libsass/issues/2782",
                     refsource: "MISC",
                     url: "https://github.com/sass/libsass/issues/2782",
                  },
                  {
                     name: "openSUSE-SU-2019:1791",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1800",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1883",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-19827",
      datePublished: "2018-12-03T19:00:00",
      dateReserved: "2018-12-03T00:00:00",
      dateUpdated: "2024-08-05T11:44:20.494Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-11693
Vulnerability from cvelistv5
Published
2018-06-04 06:00
Modified
2024-08-05 08:17
Severity ?
Summary
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
References
https://github.com/sass/libsass/issues/2661x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T08:17:08.491Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/sass/libsass/issues/2661",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-06-04T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-11-12T22:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/sass/libsass/issues/2661",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-11693",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/sass/libsass/issues/2661",
                     refsource: "MISC",
                     url: "https://github.com/sass/libsass/issues/2661",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-11693",
      datePublished: "2018-06-04T06:00:00",
      dateReserved: "2018-06-04T00:00:00",
      dateUpdated: "2024-08-05T08:17:08.491Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-11696
Vulnerability from cvelistv5
Published
2018-06-04 06:00
Modified
2024-08-05 08:17
Severity ?
Summary
An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Inspect::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
References
https://github.com/sass/libsass/issues/2665x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T08:17:09.000Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/sass/libsass/issues/2665",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-06-04T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Inspect::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-11-12T22:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/sass/libsass/issues/2665",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-11696",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Inspect::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/sass/libsass/issues/2665",
                     refsource: "MISC",
                     url: "https://github.com/sass/libsass/issues/2665",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-11696",
      datePublished: "2018-06-04T06:00:00",
      dateReserved: "2018-06-04T00:00:00",
      dateUpdated: "2024-08-05T08:17:09.000Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-6283
Vulnerability from cvelistv5
Published
2019-01-14 22:00
Modified
2024-08-04 20:16
Severity ?
Summary
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.
References
https://github.com/sass/libsass/issues/2814x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.htmlvendor-advisory, x_refsource_SUSE
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:16:24.678Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/sass/libsass/issues/2814",
               },
               {
                  name: "openSUSE-SU-2019:1791",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
               },
               {
                  name: "openSUSE-SU-2019:1800",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
               },
               {
                  name: "openSUSE-SU-2019:1883",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2019-01-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-14T17:06:11",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/sass/libsass/issues/2814",
            },
            {
               name: "openSUSE-SU-2019:1791",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
            },
            {
               name: "openSUSE-SU-2019:1800",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
            },
            {
               name: "openSUSE-SU-2019:1883",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-6283",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/sass/libsass/issues/2814",
                     refsource: "MISC",
                     url: "https://github.com/sass/libsass/issues/2814",
                  },
                  {
                     name: "openSUSE-SU-2019:1791",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1800",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1883",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-6283",
      datePublished: "2019-01-14T22:00:00",
      dateReserved: "2019-01-14T00:00:00",
      dateUpdated: "2024-08-04T20:16:24.678Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-11694
Vulnerability from cvelistv5
Published
2018-06-04 06:00
Modified
2024-08-05 08:17
Severity ?
Summary
An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
References
https://github.com/sass/libsass/issues/2663x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T08:17:08.982Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/sass/libsass/issues/2663",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-06-04T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-11-12T22:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/sass/libsass/issues/2663",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-11694",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/sass/libsass/issues/2663",
                     refsource: "MISC",
                     url: "https://github.com/sass/libsass/issues/2663",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-11694",
      datePublished: "2018-06-04T06:00:00",
      dateReserved: "2018-06-04T00:00:00",
      dateUpdated: "2024-08-05T08:17:08.982Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-19797
Vulnerability from cvelistv5
Published
2018-12-03 06:00
Modified
2024-08-05 11:44
Severity ?
Summary
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.
References
https://github.com/sass/libsass/issues/2779x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.htmlvendor-advisory, x_refsource_SUSE
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T11:44:20.534Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/sass/libsass/issues/2779",
               },
               {
                  name: "openSUSE-SU-2019:1791",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
               },
               {
                  name: "openSUSE-SU-2019:1800",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
               },
               {
                  name: "openSUSE-SU-2019:1883",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-12-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-14T17:06:11",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/sass/libsass/issues/2779",
            },
            {
               name: "openSUSE-SU-2019:1791",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
            },
            {
               name: "openSUSE-SU-2019:1800",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
            },
            {
               name: "openSUSE-SU-2019:1883",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-19797",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/sass/libsass/issues/2779",
                     refsource: "MISC",
                     url: "https://github.com/sass/libsass/issues/2779",
                  },
                  {
                     name: "openSUSE-SU-2019:1791",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1800",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1883",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-19797",
      datePublished: "2018-12-03T06:00:00",
      dateReserved: "2018-12-03T00:00:00",
      dateUpdated: "2024-08-05T11:44:20.534Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-19218
Vulnerability from cvelistv5
Published
2018-11-12 19:00
Modified
2024-08-05 11:30
Severity ?
Summary
In LibSass 3.5-stable, there is an illegal address access at Sass::Parser::parse_css_variable_value_token that will lead to a DoS attack.
References
https://bugzilla.redhat.com/show_bug.cgi?id=1643758x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T11:30:04.178Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1643758",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-11-12T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "In LibSass 3.5-stable, there is an illegal address access at Sass::Parser::parse_css_variable_value_token that will lead to a DoS attack.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-11-12T22:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1643758",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-19218",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In LibSass 3.5-stable, there is an illegal address access at Sass::Parser::parse_css_variable_value_token that will lead to a DoS attack.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1643758",
                     refsource: "MISC",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1643758",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-19218",
      datePublished: "2018-11-12T19:00:00",
      dateReserved: "2018-11-12T00:00:00",
      dateUpdated: "2024-08-05T11:30:04.178Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-43357
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-10-03 14:35
Severity ?
Summary
Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2.
References
https://github.com/sass/libsass
https://drive.google.com/file/d/1aC5q3czen0atI91fuBIoCBFkS30_OSWX/
https://github.com/sass/libsass/issues/3177
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T13:26:02.982Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/sass/libsass",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://drive.google.com/file/d/1aC5q3czen0atI91fuBIoCBFkS30_OSWX/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/sass/libsass/issues/3177",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-43357",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-03T14:35:41.283944Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-03T14:35:50.380Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-08-22T15:45:38.679360",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://github.com/sass/libsass",
            },
            {
               url: "https://drive.google.com/file/d/1aC5q3czen0atI91fuBIoCBFkS30_OSWX/",
            },
            {
               url: "https://github.com/sass/libsass/issues/3177",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-43357",
      datePublished: "2023-08-22T00:00:00",
      dateReserved: "2022-10-17T00:00:00",
      dateUpdated: "2024-10-03T14:35:50.380Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-19826
Vulnerability from cvelistv5
Published
2018-12-03 19:00
Modified
2024-08-05 11:44
Severity ?
Summary
In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&' or '/' characters. NOTE: Upstream comments indicate this issue is closed as "won't fix" and "works as intended" by design
References
https://github.com/sass/libsass/issues/2781x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2018-19826",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-06-18T19:59:18.299590Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-06-18T19:59:26.752Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T11:44:20.680Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/sass/libsass/issues/2781",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-12-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&' or '/' characters. NOTE: Upstream comments indicate this issue is closed as \"won't fix\" and \"works as intended\" by design",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-05-20T19:47:44",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/sass/libsass/issues/2781",
            },
         ],
         tags: [
            "disputed",
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-19826",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "** DISPUTED ** In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&' or '/' characters. NOTE: Upstream comments indicate this issue is closed as \"won't fix\" and \"works as intended\" by design.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/sass/libsass/issues/2781",
                     refsource: "MISC",
                     url: "https://github.com/sass/libsass/issues/2781",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-19826",
      datePublished: "2018-12-03T19:00:00",
      dateReserved: "2018-12-03T00:00:00",
      dateUpdated: "2024-08-05T11:44:20.680Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-19838
Vulnerability from cvelistv5
Published
2018-12-04 09:00
Modified
2024-08-05 11:44
Severity ?
Summary
In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().
References
https://github.com/sass/libsass/issues/2660x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.htmlvendor-advisory, x_refsource_SUSE
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T11:44:20.530Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/sass/libsass/issues/2660",
               },
               {
                  name: "openSUSE-SU-2019:1791",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
               },
               {
                  name: "openSUSE-SU-2019:1800",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
               },
               {
                  name: "openSUSE-SU-2019:1883",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-12-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-14T17:06:12",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/sass/libsass/issues/2660",
            },
            {
               name: "openSUSE-SU-2019:1791",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
            },
            {
               name: "openSUSE-SU-2019:1800",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
            },
            {
               name: "openSUSE-SU-2019:1883",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-19838",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/sass/libsass/issues/2660",
                     refsource: "MISC",
                     url: "https://github.com/sass/libsass/issues/2660",
                  },
                  {
                     name: "openSUSE-SU-2019:1791",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1800",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1883",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-19838",
      datePublished: "2018-12-04T09:00:00",
      dateReserved: "2018-12-03T00:00:00",
      dateUpdated: "2024-08-05T11:44:20.530Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-11695
Vulnerability from cvelistv5
Published
2018-06-04 06:00
Modified
2024-08-05 08:17
Severity ?
Summary
An issue was discovered in LibSass <3.5.3. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
References
https://github.com/sass/libsass/issues/2664x_refsource_MISC
https://github.com/sass/libsass/releasesx_refsource_MISC
https://github.com/sass/libsass/pull/2631x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T08:17:08.640Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/sass/libsass/issues/2664",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/sass/libsass/releases",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/sass/libsass/pull/2631",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-06-04T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in LibSass <3.5.3. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-07-28T13:37:30",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/sass/libsass/issues/2664",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/sass/libsass/releases",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/sass/libsass/pull/2631",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-11695",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in LibSass <3.5.3. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/sass/libsass/issues/2664",
                     refsource: "MISC",
                     url: "https://github.com/sass/libsass/issues/2664",
                  },
                  {
                     name: "https://github.com/sass/libsass/releases",
                     refsource: "MISC",
                     url: "https://github.com/sass/libsass/releases",
                  },
                  {
                     name: "https://github.com/sass/libsass/pull/2631",
                     refsource: "MISC",
                     url: "https://github.com/sass/libsass/pull/2631",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-11695",
      datePublished: "2018-06-04T06:00:00",
      dateReserved: "2018-06-04T00:00:00",
      dateUpdated: "2024-08-05T08:17:08.640Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-18799
Vulnerability from cvelistv5
Published
2019-11-06 15:07
Modified
2024-08-05 02:02
Severity ?
Summary
LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser::parseCompoundSelector in parser_selectors.cpp.
References
https://github.com/sass/libsass/issues/3001x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T02:02:39.596Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/sass/libsass/issues/3001",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser::parseCompoundSelector in parser_selectors.cpp.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-11-06T15:07:09",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/sass/libsass/issues/3001",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-18799",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser::parseCompoundSelector in parser_selectors.cpp.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/sass/libsass/issues/3001",
                     refsource: "MISC",
                     url: "https://github.com/sass/libsass/issues/3001",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-18799",
      datePublished: "2019-11-06T15:07:09",
      dateReserved: "2019-11-06T00:00:00",
      dateUpdated: "2024-08-05T02:02:39.596Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-11499
Vulnerability from cvelistv5
Published
2018-05-26 20:00
Modified
2024-08-05 08:10
Severity ?
Summary
A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.
References
https://github.com/sass/libsass/issues/2643x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.htmlvendor-advisory, x_refsource_SUSE
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T08:10:14.837Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/sass/libsass/issues/2643",
               },
               {
                  name: "openSUSE-SU-2019:1791",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
               },
               {
                  name: "openSUSE-SU-2019:1800",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
               },
               {
                  name: "openSUSE-SU-2019:1883",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-05-26T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-14T17:06:12",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/sass/libsass/issues/2643",
            },
            {
               name: "openSUSE-SU-2019:1791",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
            },
            {
               name: "openSUSE-SU-2019:1800",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
            },
            {
               name: "openSUSE-SU-2019:1883",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-11499",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/sass/libsass/issues/2643",
                     refsource: "MISC",
                     url: "https://github.com/sass/libsass/issues/2643",
                  },
                  {
                     name: "openSUSE-SU-2019:1791",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1800",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1883",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-11499",
      datePublished: "2018-05-26T20:00:00",
      dateReserved: "2018-05-26T00:00:00",
      dateUpdated: "2024-08-05T08:10:14.837Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-20822
Vulnerability from cvelistv5
Published
2019-04-23 13:54
Modified
2024-08-05 12:12
Severity ?
Summary
LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).
References
https://github.com/sass/libsass/issues/2671x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.htmlvendor-advisory, x_refsource_SUSE
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T12:12:27.003Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/sass/libsass/issues/2671",
               },
               {
                  name: "openSUSE-SU-2019:1791",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
               },
               {
                  name: "openSUSE-SU-2019:1800",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
               },
               {
                  name: "openSUSE-SU-2019:1883",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-14T17:06:11",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/sass/libsass/issues/2671",
            },
            {
               name: "openSUSE-SU-2019:1791",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
            },
            {
               name: "openSUSE-SU-2019:1800",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
            },
            {
               name: "openSUSE-SU-2019:1883",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-20822",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/sass/libsass/issues/2671",
                     refsource: "MISC",
                     url: "https://github.com/sass/libsass/issues/2671",
                  },
                  {
                     name: "openSUSE-SU-2019:1791",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1800",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1883",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-20822",
      datePublished: "2019-04-23T13:54:19",
      dateReserved: "2019-04-23T00:00:00",
      dateUpdated: "2024-08-05T12:12:27.003Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-19839
Vulnerability from cvelistv5
Published
2018-12-04 09:00
Modified
2024-08-05 11:44
Severity ?
Summary
In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.
References
https://github.com/sass/libsass/pull/2767x_refsource_MISC
https://github.com/sass/libsass/issues/2657x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.htmlvendor-advisory, x_refsource_SUSE
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T11:44:20.539Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/sass/libsass/pull/2767",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/sass/libsass/issues/2657",
               },
               {
                  name: "openSUSE-SU-2019:1791",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
               },
               {
                  name: "openSUSE-SU-2019:1800",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
               },
               {
                  name: "openSUSE-SU-2019:1883",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-12-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-14T17:06:11",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/sass/libsass/pull/2767",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/sass/libsass/issues/2657",
            },
            {
               name: "openSUSE-SU-2019:1791",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
            },
            {
               name: "openSUSE-SU-2019:1800",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
            },
            {
               name: "openSUSE-SU-2019:1883",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-19839",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/sass/libsass/pull/2767",
                     refsource: "MISC",
                     url: "https://github.com/sass/libsass/pull/2767",
                  },
                  {
                     name: "https://github.com/sass/libsass/issues/2657",
                     refsource: "MISC",
                     url: "https://github.com/sass/libsass/issues/2657",
                  },
                  {
                     name: "openSUSE-SU-2019:1791",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1800",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1883",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-19839",
      datePublished: "2018-12-04T09:00:00",
      dateReserved: "2018-12-03T00:00:00",
      dateUpdated: "2024-08-05T11:44:20.539Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-11698
Vulnerability from cvelistv5
Published
2018-06-04 06:00
Modified
2024-08-05 08:17
Severity ?
Summary
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
References
https://github.com/sass/libsass/issues/2662x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T08:17:09.098Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/sass/libsass/issues/2662",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-06-04T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-11-12T22:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/sass/libsass/issues/2662",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-11698",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/sass/libsass/issues/2662",
                     refsource: "MISC",
                     url: "https://github.com/sass/libsass/issues/2662",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-11698",
      datePublished: "2018-06-04T06:00:00",
      dateReserved: "2018-06-04T00:00:00",
      dateUpdated: "2024-08-05T08:17:09.098Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-18798
Vulnerability from cvelistv5
Published
2019-11-06 15:07
Modified
2024-08-05 02:02
Severity ?
Summary
LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::weaveParents in ast_sel_weave.cpp.
References
https://github.com/sass/libsass/issues/2999x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T02:02:39.698Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/sass/libsass/issues/2999",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::weaveParents in ast_sel_weave.cpp.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-11-06T15:07:20",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/sass/libsass/issues/2999",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-18798",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::weaveParents in ast_sel_weave.cpp.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/sass/libsass/issues/2999",
                     refsource: "MISC",
                     url: "https://github.com/sass/libsass/issues/2999",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-18798",
      datePublished: "2019-11-06T15:07:20",
      dateReserved: "2019-11-06T00:00:00",
      dateUpdated: "2024-08-05T02:02:39.698Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-20190
Vulnerability from cvelistv5
Published
2018-12-17 20:00
Modified
2024-08-05 11:58
Severity ?
Summary
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.
References
http://www.securityfocus.com/bid/106232vdb-entry, x_refsource_BID
https://github.com/sass/libsass/issues/2786x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.htmlvendor-advisory, x_refsource_SUSE
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T11:58:18.151Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "106232",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/106232",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/sass/libsass/issues/2786",
               },
               {
                  name: "openSUSE-SU-2019:1791",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
               },
               {
                  name: "openSUSE-SU-2019:1800",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
               },
               {
                  name: "openSUSE-SU-2019:1883",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-12-17T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-08-14T17:06:11",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "106232",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/106232",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/sass/libsass/issues/2786",
            },
            {
               name: "openSUSE-SU-2019:1791",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
            },
            {
               name: "openSUSE-SU-2019:1800",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
            },
            {
               name: "openSUSE-SU-2019:1883",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-20190",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "106232",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/106232",
                  },
                  {
                     name: "https://github.com/sass/libsass/issues/2786",
                     refsource: "MISC",
                     url: "https://github.com/sass/libsass/issues/2786",
                  },
                  {
                     name: "openSUSE-SU-2019:1791",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1800",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1883",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-20190",
      datePublished: "2018-12-17T20:00:00",
      dateReserved: "2018-12-17T00:00:00",
      dateUpdated: "2024-08-05T11:58:18.151Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-26592
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-10-03 17:44
Severity ?
Summary
Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector::has_real_parent_ref function.
References
https://github.com/sass/libsass/issues/3174
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T05:03:33.115Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/sass/libsass/issues/3174",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-26592",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-03T17:44:10.794603Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-03T17:44:23.315Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector::has_real_parent_ref function.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-08-22T15:53:14.383956",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://github.com/sass/libsass/issues/3174",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-26592",
      datePublished: "2023-08-22T00:00:00",
      dateReserved: "2022-03-07T00:00:00",
      dateUpdated: "2024-10-03T17:44:23.315Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-18797
Vulnerability from cvelistv5
Published
2019-11-06 15:07
Modified
2024-08-05 02:02
Severity ?
Summary
LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp.
References
https://github.com/sass/libsass/issues/3000x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T02:02:39.603Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/sass/libsass/issues/3000",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-11-06T15:07:28",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/sass/libsass/issues/3000",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-18797",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/sass/libsass/issues/3000",
                     refsource: "MISC",
                     url: "https://github.com/sass/libsass/issues/3000",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-18797",
      datePublished: "2019-11-06T15:07:28",
      dateReserved: "2019-11-06T00:00:00",
      dateUpdated: "2024-08-05T02:02:39.603Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-19219
Vulnerability from cvelistv5
Published
2018-11-12 19:00
Modified
2024-08-05 11:30
Severity ?
Summary
In LibSass 3.5-stable, there is an illegal address access at Sass::Eval::operator that will lead to a DoS attack.
References
https://bugzilla.redhat.com/show_bug.cgi?id=1643760x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T11:30:04.180Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1643760",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-11-12T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "In LibSass 3.5-stable, there is an illegal address access at Sass::Eval::operator that will lead to a DoS attack.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-11-12T22:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1643760",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-19219",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In LibSass 3.5-stable, there is an illegal address access at Sass::Eval::operator that will lead to a DoS attack.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1643760",
                     refsource: "MISC",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1643760",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-19219",
      datePublished: "2018-11-12T19:00:00",
      dateReserved: "2018-11-12T00:00:00",
      dateUpdated: "2024-08-05T11:30:04.180Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd
Published
2018-06-04 06:29
Modified
2024-11-21 03:43
Severity ?
8.1 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Summary
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
References
cve@mitre.orghttps://github.com/sass/libsass/issues/2656Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/sass/libsass/issues/2656Exploit, Issue Tracking, Patch, Third Party Advisory
Impacted products
Vendor Product Version
sass-lang libsass *


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:sass-lang:libsass:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "869BCB44-9C59-4F63-A77B-1EFFFB780155",
                     versionEndIncluding: "3.5.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.",
      },
      {
         lang: "es",
         value: "Se ha descubierto un problema en LibSass hasta la versión 3.5.4. Se ha detectado una lectura fuera de límites de una región de memoria en la función Sass::Prelexer::exactly() que un atacante podría utilizar para divulgar información o manipular para leer desde memoria no mapeada, provocando una denegación de servicio (DoS).",
      },
   ],
   id: "CVE-2018-11697",
   lastModified: "2024-11-21T03:43:50.940",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-06-04T06:29:00.887",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2656",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2656",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-06-04 06:29
Modified
2024-11-21 03:43
Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Inspect::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
References
cve@mitre.orghttps://github.com/sass/libsass/issues/2665Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/sass/libsass/issues/2665Exploit, Issue Tracking, Patch, Third Party Advisory
Impacted products
Vendor Product Version
sass-lang libsass *


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:sass-lang:libsass:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "869BCB44-9C59-4F63-A77B-1EFFFB780155",
                     versionEndIncluding: "3.5.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Inspect::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.",
      },
      {
         lang: "es",
         value: "Se ha descubierto un problema en LibSass hasta su versión 3.5.4. Se ha encontrado una desreferencia de puntero NULL en la función SSass::Inspect::operator, que podría ser aprovechada por un atacante para provocar una denegación de servicio (cierre inesperado de la aplicación) o, posiblemente, otro tipo de impacto sin especificar.",
      },
   ],
   id: "CVE-2018-11696",
   lastModified: "2024-11-21T03:43:50.803",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-06-04T06:29:00.843",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2665",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2665",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-476",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-08-22 19:16
Modified
2024-11-21 07:26
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2.
References
cve@mitre.orghttps://drive.google.com/file/d/1aC5q3czen0atI91fuBIoCBFkS30_OSWX/Exploit, Permissions Required, Third Party Advisory
cve@mitre.orghttps://github.com/sass/libsassProduct
cve@mitre.orghttps://github.com/sass/libsass/issues/3177Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://drive.google.com/file/d/1aC5q3czen0atI91fuBIoCBFkS30_OSWX/Exploit, Permissions Required, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/sass/libsassProduct
af854a3a-2127-422b-91ae-364da2661108https://github.com/sass/libsass/issues/3177Exploit, Issue Tracking, Vendor Advisory
Impacted products
Vendor Product Version
sass-lang libsass 3.6.5-8-g210218
sass-lang sassc 3.6.2


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:sass-lang:libsass:3.6.5-8-g210218:*:*:*:*:*:*:*",
                     matchCriteriaId: "DD554F0E-70F8-4860-8F1A-292E60E0F9A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sass-lang:sassc:3.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "5701EB35-B580-49A4-9BB2-575049483A38",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de desbordamiento de pila en ast_selectors.cpp en la función Sass::CompoundSelector::has_real_parent_ref en libsass:3.6.5-8-g210218, que puede ser explotada por atacantes para causar una denegación de servicio (DoS). También afecta al controlador de línea de comandos para libsass, sassc 3.6.2.",
      },
   ],
   id: "CVE-2022-43357",
   lastModified: "2024-11-21T07:26:19.753",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-08-22T19:16:29.527",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Permissions Required",
            "Third Party Advisory",
         ],
         url: "https://drive.google.com/file/d/1aC5q3czen0atI91fuBIoCBFkS30_OSWX/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Product",
         ],
         url: "https://github.com/sass/libsass",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/3177",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Permissions Required",
            "Third Party Advisory",
         ],
         url: "https://drive.google.com/file/d/1aC5q3czen0atI91fuBIoCBFkS30_OSWX/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
         ],
         url: "https://github.com/sass/libsass",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/3177",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-11-12 19:29
Modified
2024-11-21 03:57
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
In LibSass 3.5-stable, there is an illegal address access at Sass::Eval::operator that will lead to a DoS attack.
References
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=1643760Exploit, Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1643760Exploit, Issue Tracking, Third Party Advisory
Impacted products
Vendor Product Version
sass-lang libsass 3.5.0


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:sass-lang:libsass:3.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AE02350-31D5-4F00-B2CD-0AD2C6AB1250",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In LibSass 3.5-stable, there is an illegal address access at Sass::Eval::operator that will lead to a DoS attack.",
      },
      {
         lang: "es",
         value: "En LibSass 3.5-stable, hay un acceso ilegal a direcciones en Sass::Eval::operator que conducirá a un ataque de denegación de servicio (DoS).",
      },
   ],
   id: "CVE-2018-19219",
   lastModified: "2024-11-21T03:57:35.363",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-11-12T19:29:00.660",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1643760",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1643760",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-12-03 19:29
Modified
2024-11-21 03:58
Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html
cve@mitre.orghttps://github.com/sass/libsass/issues/2782Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html
af854a3a-2127-422b-91ae-364da2661108https://github.com/sass/libsass/issues/2782Third Party Advisory
Impacted products
Vendor Product Version
sass-lang libsass 3.5.5


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:sass-lang:libsass:3.5.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "33F93E15-A191-40F7-BADA-F4EE73DA6F7B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.",
      },
      {
         lang: "es",
         value: "En LibSass 3.5.5, existe una vulnerabilidad de uso de memoria previamente liberada en la clase SharedPtr en SharedPtr.cpp (o SharedPtr.hpp) que puede causar una denegación de servicio (cierre inesperado de la aplicación) o, posiblemente, provocar otro impacto no especificado.",
      },
   ],
   id: "CVE-2018-19827",
   lastModified: "2024-11-21T03:58:38.270",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-12-03T19:29:00.397",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2782",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2782",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-416",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-12-17 20:29
Modified
2024-11-21 04:01
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html
cve@mitre.orghttp://www.securityfocus.com/bid/106232Third Party Advisory, VDB Entry
cve@mitre.orghttps://github.com/sass/libsass/issues/2786Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/106232Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://github.com/sass/libsass/issues/2786Exploit, Third Party Advisory
Impacted products
Vendor Product Version
sass-lang libsass 3.5.5


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:sass-lang:libsass:3.5.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "33F93E15-A191-40F7-BADA-F4EE73DA6F7B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.",
      },
      {
         lang: "es",
         value: "En LibSass 3.5.5, una desreferencia de puntero NULL en la función Sass::Eval::operator()(Sass::Supports_Operator*) en eval.cpp podría provocar una denegación de servicio (cierre inesperado de la aplicación) mediante un archivo de entradas sass manipulado.",
      },
   ],
   id: "CVE-2018-20190",
   lastModified: "2024-11-21T04:01:03.397",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-12-17T20:29:00.310",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/106232",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2786",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/106232",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2786",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-476",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-04-23 14:29
Modified
2024-11-21 04:02
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.htmlBroken Link
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.htmlBroken Link
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.htmlBroken Link
cve@mitre.orghttps://github.com/sass/libsass/issues/2671Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108https://github.com/sass/libsass/issues/2671Exploit, Third Party Advisory
Impacted products
Vendor Product Version
sass-lang libsass 3.5.4


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:sass-lang:libsass:3.5.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "808EA44D-5943-4834-93C2-44D82A5FAADE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).",
      },
      {
         lang: "es",
         value: "LibSass 3.5.4 permite a los atacantes causar una denegación de servicio (recursión incontrolada en Sass::Complex_Selector::perform en ast.hpp y Sass::Inspect::operator en inspect.cpp).",
      },
   ],
   id: "CVE-2018-20822",
   lastModified: "2024-11-21T04:02:15.600",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-04-23T14:29:00.540",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2671",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2671",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-674",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-12-03 06:29
Modified
2024-11-21 03:58
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html
cve@mitre.orghttps://github.com/sass/libsass/issues/2779Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html
af854a3a-2127-422b-91ae-364da2661108https://github.com/sass/libsass/issues/2779Patch, Third Party Advisory
Impacted products
Vendor Product Version
sass-lang libsass 3.5.5


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:sass-lang:libsass:3.5.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "33F93E15-A191-40F7-BADA-F4EE73DA6F7B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.",
      },
      {
         lang: "es",
         value: "En LibSass 3.5.5, una desreferencia de puntero NULL en la función Sass::Selector_List::populate_extends en SharedPtr.hpp (utilizado por ast.cpp y ast_selectors.cpp) podría provocar una denegación de servicio (cierre inesperado) mediante un archivo de entrada sass manipulado.",
      },
   ],
   id: "CVE-2018-19797",
   lastModified: "2024-11-21T03:58:34.933",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-12-03T06:29:00.743",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2779",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2779",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-476",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-06-04 06:29
Modified
2024-11-21 03:43
Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
An issue was discovered in LibSass <3.5.3. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
References
cve@mitre.orghttps://github.com/sass/libsass/issues/2664Exploit, Issue Tracking, Patch, Third Party Advisory
cve@mitre.orghttps://github.com/sass/libsass/pull/2631
cve@mitre.orghttps://github.com/sass/libsass/releases
af854a3a-2127-422b-91ae-364da2661108https://github.com/sass/libsass/issues/2664Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/sass/libsass/pull/2631
af854a3a-2127-422b-91ae-364da2661108https://github.com/sass/libsass/releases
Impacted products
Vendor Product Version
sass-lang libsass *


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:sass-lang:libsass:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D235D9AB-27A0-4242-B828-EFB7C3EF8D95",
                     versionEndIncluding: "3.5.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in LibSass <3.5.3. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.",
      },
      {
         lang: "es",
         value: "Se ha descubierto un problema en LibSass versión anterior a 3.5.3. Se ha encontrado una desreferencia de puntero NULL en la función Sass::Expand::operator, que podría ser aprovechada por un atacante para provocar una denegación de servicio (cierre inesperado de la aplicación) o, posiblemente, otro tipo de impacto sin especificar.",
      },
   ],
   id: "CVE-2018-11695",
   lastModified: "2024-11-21T03:43:50.660",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-06-04T06:29:00.797",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2664",
      },
      {
         source: "cve@mitre.org",
         url: "https://github.com/sass/libsass/pull/2631",
      },
      {
         source: "cve@mitre.org",
         url: "https://github.com/sass/libsass/releases",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2664",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/sass/libsass/pull/2631",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/sass/libsass/releases",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-476",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-11-06 16:15
Modified
2024-11-21 04:33
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser::parseCompoundSelector in parser_selectors.cpp.
References
cve@mitre.orghttps://github.com/sass/libsass/issues/3001Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/sass/libsass/issues/3001Exploit, Third Party Advisory
Impacted products
Vendor Product Version
sass-lang libsass *


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:sass-lang:libsass:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "95D2FCD6-0BE0-41D4-93B6-05B7AE69EBF8",
                     versionEndExcluding: "3.6.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser::parseCompoundSelector in parser_selectors.cpp.",
      },
      {
         lang: "es",
         value: "LibSass versiones anteriores a 3.6.3, permite una desreferencia del puntero NULL en la función Sass::Parser::parseCompoundSelector en el archivo parser_selectors.cpp.",
      },
   ],
   id: "CVE-2019-18799",
   lastModified: "2024-11-21T04:33:35.460",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-11-06T16:15:10.930",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/3001",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/3001",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-476",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-06-04 06:29
Modified
2024-11-21 03:43
Severity ?
8.1 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Summary
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
References
cve@mitre.orghttps://github.com/sass/libsass/issues/2661Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/sass/libsass/issues/2661Exploit, Issue Tracking, Patch, Third Party Advisory
Impacted products
Vendor Product Version
sass-lang libsass *


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:sass-lang:libsass:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "869BCB44-9C59-4F63-A77B-1EFFFB780155",
                     versionEndIncluding: "3.5.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.",
      },
      {
         lang: "es",
         value: "Se ha descubierto un problema en LibSass hasta su versión 3.5.4. Se ha encontrado una lectura fuera de límites de una región de memoria en la función Sass::Prelexer::skip_over_scopes que podría ser aprovechada por un atacante para revelar información o manipulada para ser leída desde la memoria no mapeada, lo que provocaría una denegación de servicio (DoS).",
      },
   ],
   id: "CVE-2018-11693",
   lastModified: "2024-11-21T03:43:50.373",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-06-04T06:29:00.670",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2661",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2661",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-04-23 14:29
Modified
2024-11-21 04:02
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.htmlBroken Link
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.htmlBroken Link
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.htmlBroken Link
cve@mitre.orghttps://github.com/sass/libsass/issues/2658Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108https://github.com/sass/libsass/issues/2658Exploit, Patch, Third Party Advisory
Impacted products
Vendor Product Version
sass-lang libsass *


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:sass-lang:libsass:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7377DD2D-250C-48D1-92F9-55C557967804",
                     versionEndIncluding: "3.5.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).",
      },
      {
         lang: "es",
         value: "El componente de análisis en LibSass versión hasta 3.5.5 permite a los atacantes causar una denegación de servicio (recursión no controlada Sass::Parser::parse_css_variable_value in parser.cpp).",
      },
   ],
   id: "CVE-2018-20821",
   lastModified: "2024-11-21T04:02:15.457",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-04-23T14:29:00.460",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2658",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2658",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-674",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-11-06 16:15
Modified
2024-11-21 04:33
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp.
References
cve@mitre.orghttps://github.com/sass/libsass/issues/3000Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/sass/libsass/issues/3000Exploit, Third Party Advisory
Impacted products
Vendor Product Version
sass-lang libsass *


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:sass-lang:libsass:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6AE7008C-073C-4058-91D2-1395ACBC2EC6",
                     versionEndExcluding: "3.6.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp.",
      },
      {
         lang: "es",
         value: "LibSass versión 3.6.1, presenta una recursión no controlada en la función Sass::Eval::operator()(Sass::Binary_Expression*) en el archivo eval.cpp.",
      },
   ],
   id: "CVE-2019-18797",
   lastModified: "2024-11-21T04:33:35.177",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-11-06T16:15:10.820",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/3000",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/3000",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-674",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-01-14 22:29
Modified
2024-11-21 04:46
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.htmlBroken Link
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.htmlBroken Link
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.htmlBroken Link
cve@mitre.orghttps://github.com/sass/libsass/issues/2816Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108https://github.com/sass/libsass/issues/2816Exploit, Third Party Advisory
Impacted products
Vendor Product Version
sass-lang libsass 3.5.5


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:sass-lang:libsass:3.5.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "33F93E15-A191-40F7-BADA-F4EE73DA6F7B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.",
      },
      {
         lang: "es",
         value: "Existe una sobrelectura de búfer basada en memoria dinámica (heap) en la versión 3.5.5 de LibSass en Sass::Prelexer::alternatives in prelexer.hpp.",
      },
   ],
   id: "CVE-2019-6284",
   lastModified: "2024-11-21T04:46:22.063",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-01-14T22:29:00.343",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2816",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2816",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-08-22 19:16
Modified
2024-11-21 06:54
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector::has_real_parent_ref function.
References
cve@mitre.orghttps://github.com/sass/libsass/issues/3174Exploit, Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://github.com/sass/libsass/issues/3174Exploit, Issue Tracking
Impacted products
Vendor Product Version
sass-lang libsass 3.6.5


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:sass-lang:libsass:3.6.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "945F5630-C5D9-4A40-AF30-E994FC017A72",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector::has_real_parent_ref function.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de desbordamiento de pila en libsass 3.6.5 a través de la función CompoundSelector::has_real_parent_ref.",
      },
   ],
   id: "CVE-2022-26592",
   lastModified: "2024-11-21T06:54:10.677",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-08-22T19:16:22.240",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Issue Tracking",
         ],
         url: "https://github.com/sass/libsass/issues/3174",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
         ],
         url: "https://github.com/sass/libsass/issues/3174",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-01-14 22:29
Modified
2024-11-21 04:46
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html
cve@mitre.orghttps://github.com/sass/libsass/issues/2815Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html
af854a3a-2127-422b-91ae-364da2661108https://github.com/sass/libsass/issues/2815Exploit, Third Party Advisory
Impacted products
Vendor Product Version
sass-lang libsass 3.5.5


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:sass-lang:libsass:3.5.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "33F93E15-A191-40F7-BADA-F4EE73DA6F7B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693.",
      },
      {
         lang: "es",
         value: "Existe una sobrelectura de búfer basada en memoria dinámica (heap) en LibSass 3.5.5, en Sass::Prelexer::skip_over_scopes en prelexer.hpp, cuando se llama desde Sass::Parser::parse_import(). Este problema es similar a CVE-2018-11693.",
      },
   ],
   id: "CVE-2019-6286",
   lastModified: "2024-11-21T04:46:22.347",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-01-14T22:29:00.437",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2815",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2815",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-12-04 09:29
Modified
2024-11-21 03:58
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html
cve@mitre.orghttps://github.com/sass/libsass/issues/2660Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html
af854a3a-2127-422b-91ae-364da2661108https://github.com/sass/libsass/issues/2660Exploit, Third Party Advisory
Impacted products
Vendor Product Version
sass-lang libsass *


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:sass-lang:libsass:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A4006729-14F5-408A-8C41-B267A1188EB7",
                     versionEndExcluding: "3.5.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().",
      },
      {
         lang: "es",
         value: "En LibSass, en versiones anteriores a la 3.5.5, las funciones en ast.cpp para la expansión IMPLEMENT_AST_OPERATORS permiten que los atacantes provoquen una denegación de servicio (DoS) que resulta del consumo de pila mediante un archivo sass manipulado. Esto queda demostrado por llamadas recursivas relacionadas con clone(), cloneChildren() y copy().",
      },
   ],
   id: "CVE-2018-19838",
   lastModified: "2024-11-21T03:58:39.833",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-12-04T09:29:00.490",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2660",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2660",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-400",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-08-22 19:16
Modified
2024-11-21 07:26
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Stack overflow vulnerability in ast_selectors.cpp: in function Sass::ComplexSelector::has_placeholder in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS).
References
cve@mitre.orghttps://drive.google.com/file/d/1j5fkPjWH9zQeTdO_4dMcZ-FpOBzP0MaI/Permissions Required, Third Party Advisory
cve@mitre.orghttps://github.com/sass/libsassProduct
cve@mitre.orghttps://github.com/sass/libsass/issues/3178Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://drive.google.com/file/d/1j5fkPjWH9zQeTdO_4dMcZ-FpOBzP0MaI/Permissions Required, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/sass/libsassProduct
af854a3a-2127-422b-91ae-364da2661108https://github.com/sass/libsass/issues/3178Exploit, Issue Tracking, Vendor Advisory
Impacted products
Vendor Product Version
sass-lang libsass 3.6.5-8-g210218


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:sass-lang:libsass:3.6.5-8-g210218:*:*:*:*:*:*:*",
                     matchCriteriaId: "DD554F0E-70F8-4860-8F1A-292E60E0F9A3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Stack overflow vulnerability in ast_selectors.cpp: in function Sass::ComplexSelector::has_placeholder in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS).",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de desbordamiento de pila en ast_selectors.cpp: en la función Sass::ComplexSelector::has_placeholder en libsass:3.6.5-8-g210218, que puede ser explotada por atacantes para causar una denegación de servicio (DoS).",
      },
   ],
   id: "CVE-2022-43358",
   lastModified: "2024-11-21T07:26:19.950",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-08-22T19:16:29.603",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Permissions Required",
            "Third Party Advisory",
         ],
         url: "https://drive.google.com/file/d/1j5fkPjWH9zQeTdO_4dMcZ-FpOBzP0MaI/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Product",
         ],
         url: "https://github.com/sass/libsass",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/3178",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
            "Third Party Advisory",
         ],
         url: "https://drive.google.com/file/d/1j5fkPjWH9zQeTdO_4dMcZ-FpOBzP0MaI/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
         ],
         url: "https://github.com/sass/libsass",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/3178",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-06-04 06:29
Modified
2024-11-21 03:43
Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
References
cve@mitre.orghttps://github.com/sass/libsass/issues/2663Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/sass/libsass/issues/2663Exploit, Issue Tracking, Patch, Third Party Advisory
Impacted products
Vendor Product Version
sass-lang libsass *


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:sass-lang:libsass:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "869BCB44-9C59-4F63-A77B-1EFFFB780155",
                     versionEndIncluding: "3.5.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.",
      },
      {
         lang: "es",
         value: "Se ha descubierto un problema en LibSass hasta su versión 3.5.4. Se ha encontrado una desreferencia de puntero NULL en la función Sass::Functions::selector_append, que podría ser aprovechada por un atacante para provocar una denegación de servicio (cierre inesperado de la aplicación) o, posiblemente, otro tipo de impacto sin especificar.",
      },
   ],
   id: "CVE-2018-11694",
   lastModified: "2024-11-21T03:43:50.520",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-06-04T06:29:00.733",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2663",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2663",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-476",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-11-12 19:29
Modified
2024-11-21 03:57
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
In LibSass 3.5-stable, there is an illegal address access at Sass::Parser::parse_css_variable_value_token that will lead to a DoS attack.
References
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=1643758Exploit, Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1643758Exploit, Issue Tracking, Third Party Advisory
Impacted products
Vendor Product Version
sass-lang libsass 3.5.0


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:sass-lang:libsass:3.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AE02350-31D5-4F00-B2CD-0AD2C6AB1250",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In LibSass 3.5-stable, there is an illegal address access at Sass::Parser::parse_css_variable_value_token that will lead to a DoS attack.",
      },
      {
         lang: "es",
         value: "En LibSass 3.5-stable, hay un acceso ilegal a direcciones en Sass::Parser::parse_css_variable_value_token que conducirá a un ataque de denegación de servicio (DoS).",
      },
   ],
   id: "CVE-2018-19218",
   lastModified: "2024-11-21T03:57:35.207",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-11-12T19:29:00.627",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1643758",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1643758",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-11-06 16:15
Modified
2024-11-21 04:33
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::weaveParents in ast_sel_weave.cpp.
References
cve@mitre.orghttps://github.com/sass/libsass/issues/2999Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/sass/libsass/issues/2999Exploit, Third Party Advisory
Impacted products
Vendor Product Version
sass-lang libsass *


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:sass-lang:libsass:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "95D2FCD6-0BE0-41D4-93B6-05B7AE69EBF8",
                     versionEndExcluding: "3.6.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::weaveParents in ast_sel_weave.cpp.",
      },
      {
         lang: "es",
         value: "LibSass versiones anteriores a 3.6.3, permite una lectura excesiva del búfer en la región heap de la memoria en la función Sass::weaveParents en el archivo ast_sel_weave.cpp.",
      },
   ],
   id: "CVE-2019-18798",
   lastModified: "2024-11-21T04:33:35.320",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-11-06T16:15:10.883",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2999",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2999",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-01-14 22:29
Modified
2024-11-21 04:46
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.htmlBroken Link
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.htmlBroken Link
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.htmlBroken Link
cve@mitre.orghttps://github.com/sass/libsass/issues/2814Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108https://github.com/sass/libsass/issues/2814Exploit, Third Party Advisory
Impacted products
Vendor Product Version
sass-lang libsass 3.5.5


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:sass-lang:libsass:3.5.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "33F93E15-A191-40F7-BADA-F4EE73DA6F7B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.",
      },
      {
         lang: "es",
         value: "Existe una sobrelectura de búfer basada en memoria dinámica (heap) en la versión 3.5.5 de LibSass en Sass::Prelexer::parenthese_scope in prelexer.hpp.",
      },
   ],
   id: "CVE-2019-6283",
   lastModified: "2024-11-21T04:46:21.927",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-01-14T22:29:00.280",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2814",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2814",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-12-04 09:29
Modified
2024-11-21 03:58
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%' as a modulo operator in parser.cpp.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html
cve@mitre.orghttps://github.com/sass/libsass/commit/210fdff7a65370c2ae24e022a2b35da8c423cc5fExploit, Third Party Advisory
cve@mitre.orghttps://github.com/sass/libsass/issues/2659Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html
af854a3a-2127-422b-91ae-364da2661108https://github.com/sass/libsass/commit/210fdff7a65370c2ae24e022a2b35da8c423cc5fExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/sass/libsass/issues/2659Patch, Vendor Advisory
Impacted products
Vendor Product Version
sass-lang libsass *


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:sass-lang:libsass:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A4006729-14F5-408A-8C41-B267A1188EB7",
                     versionEndExcluding: "3.5.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%' as a modulo operator in parser.cpp.",
      },
      {
         lang: "es",
         value: "En LibSass, en versiones anteriores a la 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) en eval.cpp permite que los atacantes provoquen una denegación de servicio (DoS) que resulta del consumo de la pila mediante un archivo sass manipulado. Esto se debe a cierto análisis incorrecto de \"%\" como operador modulo en parser.cpp.",
      },
   ],
   id: "CVE-2018-19837",
   lastModified: "2024-11-21T03:58:39.693",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-12-04T09:29:00.320",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/commit/210fdff7a65370c2ae24e022a2b35da8c423cc5f",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2659",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/commit/210fdff7a65370c2ae24e022a2b35da8c423cc5f",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2659",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-400",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-12-03 19:29
Modified
2024-11-21 03:58
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&' or '/' characters. NOTE: Upstream comments indicate this issue is closed as "won't fix" and "works as intended" by design
References
cve@mitre.orghttps://github.com/sass/libsass/issues/2781Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/sass/libsass/issues/2781Third Party Advisory
Impacted products
Vendor Product Version
sass-lang libsass 3.5.5


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:sass-lang:libsass:3.5.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "33F93E15-A191-40F7-BADA-F4EE73DA6F7B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [
      {
         sourceIdentifier: "cve@mitre.org",
         tags: [
            "disputed",
         ],
      },
   ],
   descriptions: [
      {
         lang: "en",
         value: "In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&' or '/' characters. NOTE: Upstream comments indicate this issue is closed as \"won't fix\" and \"works as intended\" by design",
      },
      {
         lang: "es",
         value: "** EN DISPUTA ** En inspect.cpp en LibSass 3.5.5, una huella de memoria alta causada por un bucle indenido (que contiene un marco de pila Sass :: Inspect :: operator () (Sass :: String_Quoted *)) puede causar una denegación de servicio a través de archivos de entrada sass diseñados con caracteres '&' o '/' extraviados. NOTA: Los comentarios aguas arriba indican que este problema está cerrado ya que \"no se solucionará\" y \"funciona según lo previsto\" por diseño.",
      },
   ],
   id: "CVE-2018-19826",
   lastModified: "2024-11-21T03:58:38.127",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-12-03T19:29:00.350",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2781",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2781",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-835",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-06-04 06:29
Modified
2024-11-21 03:43
Severity ?
8.1 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Summary
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
References
cve@mitre.orghttps://github.com/sass/libsass/issues/2662Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/sass/libsass/issues/2662Exploit, Issue Tracking, Patch, Third Party Advisory
Impacted products
Vendor Product Version
sass-lang libsass *


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:sass-lang:libsass:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "869BCB44-9C59-4F63-A77B-1EFFFB780155",
                     versionEndIncluding: "3.5.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.",
      },
      {
         lang: "es",
         value: "Se ha descubierto un problema en LibSass hasta su versión 3.5.4. Se ha encontrado una lectura fuera de límites de una región de memoria en la función Sass::handle_error que podría ser aprovechada por un atacante para revelar información o manipulada para ser leída desde la memoria no mapeada, lo que provocaría una denegación de servicio (DoS).",
      },
   ],
   id: "CVE-2018-11698",
   lastModified: "2024-11-21T03:43:51.073",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-06-04T06:29:00.937",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2662",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2662",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-05-26 20:29
Modified
2024-11-21 03:43
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html
cve@mitre.orghttps://github.com/sass/libsass/issues/2643Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html
af854a3a-2127-422b-91ae-364da2661108https://github.com/sass/libsass/issues/2643Issue Tracking, Third Party Advisory
Impacted products
Vendor Product Version
sass-lang libsass *


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:sass-lang:libsass:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4F27D07-DBA4-4536-BA5F-95F29E4A9B9F",
                     versionEndIncluding: "3.5.4",
                     versionStartIncluding: "3.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.",
      },
      {
         lang: "es",
         value: "Existe una vulnerabilidad de uso de memoria previamente liberada en handle_error() en sass_context.cpp en LibSass 3.4.x y versiones 3.5.x hasta la 3.5.4 que podría aprovecharse para provocar una denegación de servicio (cierre inesperado de la aplicación) o, posiblemente, otro tipo de impacto sin especificar.",
      },
   ],
   id: "CVE-2018-11499",
   lastModified: "2024-11-21T03:43:29.610",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-05-26T20:29:00.403",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2643",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2643",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-416",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-12-04 09:29
Modified
2024-11-21 03:58
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html
cve@mitre.orghttps://github.com/sass/libsass/issues/2657Exploit, Third Party Advisory
cve@mitre.orghttps://github.com/sass/libsass/pull/2767Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html
af854a3a-2127-422b-91ae-364da2661108https://github.com/sass/libsass/issues/2657Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/sass/libsass/pull/2767Patch, Third Party Advisory
Impacted products
Vendor Product Version
sass-lang libsass *


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:sass-lang:libsass:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A4006729-14F5-408A-8C41-B267A1188EB7",
                     versionEndExcluding: "3.5.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.",
      },
      {
         lang: "es",
         value: "En LibSass, en versiones anteriores a la 3.5.5, la función handle_error en sass_context.cpp permite que los atacantes provoquen una denegación de servicio (DoS) que resulta de una sobrelectura de búfer basada en memoria dinámica (heap) mediante un archivo sass manipulado.",
      },
   ],
   id: "CVE-2018-19839",
   lastModified: "2024-11-21T03:58:39.973",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-12-04T09:29:00.537",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2657",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/pull/2767",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/issues/2657",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/sass/libsass/pull/2767",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}