CVE-2022-26592 — Out-of-bounds Write in Libsass

Severity

8.8HIGHNVD

EPSS

0.1%

top 76.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedAug 22

Description

Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector::has_real_parent_ref function.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

▶debiandebian/libsass< libsass 3.6.5+20231221-2 (forky)

▶Debianlibsass/libsass< 3.6.5+20231221-2+1

GHSA

GHSA-4v29-vc65-87m4: Stack Overflow vulnerability in libsass 3↗2023-08-22

▶

OSV

CVE-2022-26592: Stack Overflow vulnerability in libsass 3↗2023-08-22

▶

Microsoft

Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector::has_real_parent_ref function.↗2023-08-08

▶

Debian

CVE-2022-26592: libsass - Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector::has_real...↗2022

▶