Description
There is a stack consumption vulnerability in the lex function in parser.hpp (as used in sassc) in LibSass 3.4.5. A crafted input will lead to a remote denial of service.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1471780
https://github.com/sass/libsass/issues/2445