CVE-2019-18799 — NULL Pointer Dereference in Libsass

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 37.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedNov 6

Latest updateMay 24

Description

LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser::parseCompoundSelector in parser_selectors.cpp.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

▶debiandebian/libsass< libsass 3.6.3-1 (bookworm)

▶Debianlibsass/libsass< 3.6.3-1+3

GHSA

GHSA-j6f2-xv6r-9x28: LibSass before 3↗2022-05-24

▶

OSV

CVE-2019-18799: LibSass before 3↗2019-11-06

▶

Red Hat

libsass: NULL pointer dereference in Sass:Parser:parseCompoundSelector in parser_selectors.cpp↗2019-10-07

▶

Debian

CVE-2019-18799: libsass - LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser::parseCom...↗2019

▶

Bugzilla

CVE-2019-18799 libsass: NULL pointer dereference in Sass:Parser:parseCompoundSelector in parser_selectors.cpp [fedora-all]↗2020-06-29

▶

Bugzilla

CVE-2019-18799 libsass: NULL pointer dereference in Sass:Parser:parseCompoundSelector in parser_selectors.cpp [epel-7]↗2020-06-29

▶

Bugzilla

CVE-2019-18799 libsass: NULL pointer dereference in Sass:Parser:parseCompoundSelector in parser_selectors.cpp↗2020-06-29

▶