Description
There is a heap-based buffer over-read in lexer.hpp of LibSass 3.4.5. A crafted input will lead to a remote denial-of-service attack.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1470714