Vulnerabilities > CVE-2022-43357 - Out-of-bounds Write vulnerability in Sass-Lang Libsass and Sassc

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

sass-lang

CWE-787

NVD

Published: 2023-08-22

Updated: 2023-08-31

Summary

Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2.

Vulnerable Configurations

Part	Description	Count
Application	Sass-Lang Sass Lang Sassc 3.6.2 Sass Lang Libsass 3.6.5-8-G210218	2

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/sass/libsass/issues/3177
https://github.com/sass/libsass
https://drive.google.com/file/d/1aC5q3czen0atI91fuBIoCBFkS30_OSWX/