Ex7L0It

**Name of the Vulnerable Software and Affected Versions** libsass versions 3.6.5-8-g210218 sassc version 3.6.2 **Description** The issue is a stack overflow vulnerability in the ast selectors.cpp file, specifically in the `Sass::CompoundSelector::has real parent ref` function. This vulnerability can be exploited by attackers to cause a denial of service (DoS). The command line driver for libsass, sassc, is also affected. **Recommendations** For libsass version 3.6.5-8-g210218, consider updating to a newer version to resolve the issue. For sassc version 3.6.2, consider updating to a newer version to resolve the issue. As a temporary workaround, consider restricting access to the `Sass::CompoundSelector::has real parent ref` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libsass version 3.6.5-8-g210218 **Description** The issue is a stack overflow vulnerability in the ast selectors.cpp file, specifically in the Sass::ComplexSelector::has placeholder function. This can be exploited by attackers to cause a denial of service (DoS). **Recommendations** For libsass version 3.6.5-8-g210218, consider updating to a newer version that contains a fix for this issue, as using the vulnerable function Sass::ComplexSelector::has placeholder can lead to a denial of service (DoS). At the moment, there is no information about a newer version that contains a fix for this vulnerability.