CVE-2018-11693 — Out-of-bounds Read in Libsass
Severity
8.1HIGHNVD
NVD6.5
EPSS
0.4%
top 40.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 4
Latest updateMay 14
Description
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2
Affected Packages3 packages
Patches
🔴Vulnerability Details
4📋Vendor Advisories
4💬Community
4Bugzilla▶
CVE-2019-6286 libsass: heap-based buffer over-read in Sass::Prelexer::skip_over_scopes in prelexer.hpp↗2019-01-23
Bugzilla▶
CVE-2018-11693 libsass: Heap buffer over read in function Sass::Prelexer::skip_over_scopes in prelexer.hpp [epel-7]↗2018-06-07
Bugzilla▶
CVE-2018-11693 libsass: Heap buffer over read in function Sass::Prelexer::skip_over_scopes in prelexer.hpp↗2018-06-07
Bugzilla▶
CVE-2018-11693 libsass: Heap buffer over read in function Sass::Prelexer::skip_over_scopes in prelexer.hpp [fedora-all]↗2018-06-07