CVE-2018-19219Improper Restriction of Operations within the Bounds of a Memory Buffer in Libsass

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.3%
top 50.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Sass-lang Libsass
Timeline
PublishedNov 12
Latest updateMay 13

Description

In LibSass 3.5-stable, there is an illegal address access at Sass::Eval::operator that will lead to a DoS attack.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-47qh-hp87-xm7h: In LibSass 32022-05-13
OSV
CVE-2018-19219: In LibSass 32018-11-12

💬Community

3
Bugzilla
CVE-2018-19219 libsass: illegal address access at Sass::Eval::operator2018-11-21
Bugzilla
CVE-2018-19219 libsass: illegal address access at Sass::Eval::operator [epel-7]2018-11-21
Bugzilla
CVE-2018-19219 libsass: illegal address access at Sass::Eval::operator [fedora-all]2018-11-21