Description
There is a stack consumption vulnerability in the lex function in parser.hpp (as used in sassc) in LibSass 3.4.5. A crafted input will lead to a remote denial of service.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1471780
https://github.com/sass/libsass/issues/2445
Related Vulnerabilities
CVE-2021-25929 Vulnerability in maven package org.opennms:opennms-webapp
CVE-2020-14966 Vulnerability in npm package jsrsasign
CVE-2020-7640 Vulnerability in npm package fun-map
CVE-2022-30500 Vulnerability in maven package com.jflyfox:jflyfox_jfinal
CVE-2022-43411 Vulnerability in maven package org.jenkins-ci.plugins:gitlab-plugin