Description
In LibSass 3.4.5, there is a heap-based buffer over-read in the function json_mkstream() in sass_context.cpp. A crafted input will lead to a remote denial of service attack.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1466411
Related Vulnerabilities
CVE-2018-11012 Vulnerability in maven package cc.ryanc:halo
CVE-2023-35151 Vulnerability in maven package org.xwiki.platform:xwiki-platform-rest-server
CVE-2018-3711 Vulnerability in npm package fastify
CVE-2019-1010266 Vulnerability in maven package org.webjars.bowergithub.lodash:lodash
CVE-2018-1002204 Vulnerability in maven package org.webjars.npm:adm-zip