PT-2019-10261 · Sass+2 · Libsass+2

Hongxuchen

Publicado

2019-04-23

Atualizado

2023-02-28

CVE-2018-20822

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: LibSass version 3.5.4

Description: The issue allows attackers to cause a denial-of-service due to uncontrolled recursion. This occurs in the Sass::Complex Selector::perform function in ast.hpp and the Sass::Inspect::operator in inspect.cpp.

Recommendations: For LibSass version 3.5.4, consider disabling the Sass::Complex Selector::perform function and the Sass::Inspect::operator as a temporary workaround until a patch is available. Restrict access to the affected modules to minimize the risk of exploitation.

Exploit

Correção

DoS

Uncontrolled Recursion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-674

Identificadores relacionados

ALT-PU-2020-1653

CVE-2018-20822

MGASA-2020-0049

OPENSUSE-SU-2019:1791-1

OPENSUSE-SU-2019:1800-1

OPENSUSE-SU-2019:1883-1

OPENSUSE-SU-2019_1791-1

OPENSUSE-SU-2024:10988-1

Produtos afetados

Alt Linux

Libsass

Suse

PT-2019-10261 · Sass+2 · Libsass+2

CVE-2018-20822

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 91