CVE-2018-19218Out-of-bounds Read in Libsass

CWE-125Out-of-bounds ReadCWE-674Uncontrolled Recursion7 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 53.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Sass-lang Libsass
Timeline
PublishedNov 12
Latest updateMay 14

Description

In LibSass 3.5-stable, there is an illegal address access at Sass::Parser::parse_css_variable_value_token that will lead to a DoS attack.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-cxrv-5xrr-3rp8: In LibSass 32022-05-14
OSV
CVE-2018-19218: In LibSass 32018-11-12

📋Vendor Advisories

1
Red Hat
libsass: illegal address access at Sass::Parser::parse_css_variable_value_token2018-10-28

💬Community

3
Bugzilla
CVE-2018-19218 libsass: illegal address access at Sass::Parser::parse_css_variable_value_token2018-11-21
Bugzilla
CVE-2018-19218 libsass: illegal address access at Sass::Parser::parse_css_variable_value_token [fedora-all]2018-11-21
Bugzilla
CVE-2018-19218 libsass: illegal address access at Sass::Parser::parse_css_variable_value_token [epel-7]2018-11-21