CVE-2018-19827Use After Free in Libsass

CWE-416Use After FreeCWE-843Type Confusion10 documents8 sources
Severity
8.8HIGHNVD
EPSS
0.4%
top 37.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LibsassDebian LibsassSass-lang Libsass+1 more
Timeline
PublishedDec 3
Latest updateMay 14

Description

In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

debiandebian/libsass< libsass 3.5.5-3 (bookworm)
Debianlibsass/libsass< 3.5.5-3+3

🔴Vulnerability Details

2
GHSA
GHSA-69g9-qc4v-m973: In LibSass 32022-05-14
OSV
CVE-2018-19827: In LibSass 32018-12-03

📋Vendor Advisories

4
Ubuntu
LibSass vulnerabilities2021-03-15
Microsoft
In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified o2018-12-11
Red Hat
libsass: Use-after-free in SharedPtr class resulting in a denial of service2018-12-03
Debian
CVE-2018-19827: libsass - In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class i...2018

💬Community

3
Bugzilla
CVE-2018-19797 CVE-2018-19826 CVE-2018-19827 CVE-2018-19837 CVE-2018-19838 CVE-2018-19839 CVE-2018-20190 libsass: various flaws [epel-7]2019-01-31
Bugzilla
CVE-2018-19827 libsass: Use-after-free in SharedPtr class resulting in a denial of service2019-01-31
Bugzilla
CVE-2018-19797 CVE-2018-19826 CVE-2018-19827 CVE-2018-19837 CVE-2018-19838 CVE-2018-19839 CVE-2018-20190 libsass: various flaws [fedora-all]2019-01-31
CVE-2018-19827 — Use After Free in Debian Libsass | cvebase