CVE-2022-43358 — Out-of-bounds Write in Libsass

CWE-787 — Out-of-bounds Write5 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 65.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libsass Debian Libsass Sass-lang Libsass +1 more

Timeline

PublishedAug 22

Description

Stack overflow vulnerability in ast_selectors.cpp: in function Sass::ComplexSelector::has_placeholder in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/libsass< libsass 3.6.5+20231221-2 (forky)

▶Debianlibsass/libsass< 3.6.5+20231221-2+1

▶NVDsass-lang/libsass3.6.5-8-g210218

▶msrcmsrc/azl3_libsass_3.6.6-1_on_azure_linux_3.0

🔴Vulnerability Details

GHSA

GHSA-57fv-hr9v-7rfx: Stack overflow vulnerability in ast_selectors↗2023-08-22

▶

OSV

CVE-2022-43358: Stack overflow vulnerability in ast_selectors↗2023-08-22

▶

📋Vendor Advisories

Microsoft

▶

Debian

CVE-2022-43358: libsass - Stack overflow vulnerability in ast_selectors.cpp: in function Sass::ComplexSele...↗2022

▶