CVE-2018-11694 — NULL Pointer Dereference in Libsass

CWE-476 — NULL Pointer Dereference8 documents6 sources

Severity

8.8HIGHNVD

EPSS

0.4%

top 37.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libsass Debian Libsass Sass-lang Libsass +3 more

Timeline

PublishedJun 4

Latest updateMay 14

Description

An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

▶debiandebian/libsass< libsass 3.6.3-1 (bookworm)

▶Debianlibsass/libsass< 3.6.3-1+3

▶NVDsass-lang/libsass3.5.4

▶msrcmsrc/cbl_mariner_2.0_arm

▶msrcmsrc/cbl_mariner_2.0_x64

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-352r-pm46-cmhx: An issue was discovered in LibSass through 3↗2022-05-14

▶

OSV

CVE-2018-11694: An issue was discovered in LibSass through 3↗2018-06-04

▶

📋Vendor Advisories

Microsoft

▶

Debian

CVE-2018-11694: libsass - An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was...↗2018

▶

💬Community

Bugzilla

CVE-2018-11694 libsass: NULL pointer dereference in function Sass::Functions::selector_append in functions.cpp [epel-7]↗2018-06-07

▶

Bugzilla

CVE-2018-11694 libsass: NULL pointer dereference in function Sass::Functions::selector_append in functions.cpp [fedora-all]↗2018-06-07

▶

Bugzilla

CVE-2018-11694 libsass: NULL pointer dereference in function Sass::Functions::selector_append in functions.cpp↗2018-06-07

▶