CVE-2018-19839Out-of-bounds Read in Libsass

CWE-125Out-of-bounds ReadCWE-122Heap-based Buffer Overflow9 documents7 sources
Severity
6.5MEDIUMNVD
EPSS
0.3%
top 50.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LibsassSass-lang LibsassDebian Libsass
Timeline
PublishedDec 4
Latest updateMay 14

Description

In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

debiandebian/libsass< libsass 3.5.5-4 (bookworm)
NVDsass-lang/libsass< 3.5.5
Debianlibsass/libsass< 3.5.5-4+3

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-pfp7-r6qm-94j7: In LibSass prior to 32022-05-14
OSV
CVE-2018-19839: In LibSass prior to 32018-12-04

📋Vendor Advisories

3
Ubuntu
LibSass vulnerabilities2021-03-15
Red Hat
libsass: Heap-based buffer over-read in the handle_error function resulting in a denial of service2018-06-02
Debian
CVE-2018-19839: libsass - In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows ...2018

💬Community

3
Bugzilla
CVE-2018-19797 CVE-2018-19826 CVE-2018-19827 CVE-2018-19837 CVE-2018-19838 CVE-2018-19839 CVE-2018-20190 libsass: various flaws [epel-7]2019-01-31
Bugzilla
CVE-2018-19797 CVE-2018-19826 CVE-2018-19827 CVE-2018-19837 CVE-2018-19838 CVE-2018-19839 CVE-2018-20190 libsass: various flaws [fedora-all]2019-01-31
Bugzilla
CVE-2018-19839 libsass: Heap-based buffer over-read in the handle_error function resulting in a denial of service2019-01-31