Description
There is a stack consumption vulnerability in the lex function in parser.hpp (as used in sassc) in LibSass 3.4.5. A crafted input will lead to a remote denial of service.
Remediation
References
https://github.com/sass/libsass/issues/2445
https://bugzilla.redhat.com/show_bug.cgi?id=1471780
Related Vulnerabilities
CVE-2022-47551 Vulnerability in maven package io.apiman:apiman-common-config
CVE-2019-20921 Vulnerability in npm package bootstrap-select
CVE-2020-29204 Vulnerability in maven package com.xuxueli:xxl-job-admin
CVE-2021-23438 Vulnerability in npm package mpath
CVE-2019-9658 Vulnerability in maven package com.puppycrawl.tools:checkstyle