Description

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693.

Remediation

References

https://github.com/sass/libsass/issues/2815

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html

Related Vulnerabilities

CVE-2022-25645 Vulnerability in npm package dset

CVE-2023-22894 Vulnerability in npm package @strapi/strapi

CVE-2020-7737 Vulnerability in npm package safetydance

CVE-2020-28500 Vulnerability in maven package org.fujion.webjars:lodash

CVE-2020-27664 Vulnerability in npm package strapi

Severity

High

Classification

CWE-125 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Tags

Exploit Third Party Advisory