CVE-2022-43357Out-of-bounds Write in Libsass

CWE-787Out-of-bounds Write5 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.2%
top 56.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
LibsassDebian LibsassSass-lang Libsass+2 more
Timeline
PublishedAug 22

Description

Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

debiandebian/libsass< libsass 3.6.5+20231221-2 (forky)
Debianlibsass/libsass< 3.6.5+20231221-2+1
NVDsass-lang/libsass3.6.5-8-g210218
NVDsass-lang/sassc3.6.2

🔴Vulnerability Details

2
GHSA
GHSA-j7vr-2gc9-mmv7: Stack overflow vulnerability in ast_selectors2023-08-22
OSV
CVE-2022-43357: Stack overflow vulnerability in ast_selectors2023-08-22

📋Vendor Advisories

2
Microsoft
Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (D2023-08-08
Debian
CVE-2022-43357: libsass - Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSele...2022