Описание
Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libsass | fixed | 3.6.5+20231221-1 | experimental | package |
| libsass | fixed | 3.6.5+20231221-2 | package | |
| libsass | ignored | bookworm | package | |
| libsass | no-dsa | bullseye | package | |
| libsass | no-dsa | buster | package |
Примечания
https://github.com/sass/libsass/issues/3177
https://github.com/sass/libsass/pull/3184
https://github.com/sass/libsass/commit/5bb0ea0c4b2ebebe542933f788ffacba459a717a (3.6.6)
Связанные уязвимости
Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2.
Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2.
Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2.
