Vulnerabilities > Libsass

DATE CVE VULNERABILITY TITLE RISK
2017-08-18 CVE-2017-12964 Uncontrolled Recursion vulnerability in Libsass 3.4.5
There is a stack consumption issue in LibSass 3.4.5 that is triggered in the function Sass::Eval::operator() in eval.cpp.
network
low complexity
libsass CWE-674
7.8
7.8
2017-08-18 CVE-2017-12963 Out-of-bounds Read vulnerability in Libsass 3.4.5
There is an illegal address access in Sass::Eval::operator() in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack.
network
low complexity
libsass CWE-125
5.0
5.0
2017-08-18 CVE-2017-12962 Missing Release of Resource after Effective Lifetime vulnerability in Libsass 3.4.5
There are memory leaks in LibSass 3.4.5 triggered by deeply nested code, such as code with a long sequence of open parenthesis characters, leading to a remote denial of service attack.
network
low complexity
libsass CWE-772
5.0
5.0
2017-07-24 CVE-2017-11608 Out-of-bounds Read vulnerability in Libsass 3.4.5
There is a heap-based buffer over-read in the Sass::Prelexer::re_linebreak function in lexer.cpp in LibSass 3.4.5.
network
libsass CWE-125
4.3
4.3
2017-07-24 CVE-2017-11605 Out-of-bounds Read vulnerability in Libsass 3.4.5
There is a heap based buffer over-read in LibSass 3.4.5, related to address 0xb4803ea1.
network
libsass CWE-125
4.3
4.3
2017-07-23 CVE-2017-11556 Uncontrolled Recursion vulnerability in Libsass 3.4.5
There is a stack consumption vulnerability in the Parser::advanceToNextToken function in parser.cpp in LibSass 3.4.5.
network
low complexity
libsass CWE-674
5.0
5.0
2017-07-23 CVE-2017-11555 Improper Input Validation vulnerability in Libsass 3.4.5
There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5.
network
low complexity
libsass CWE-20
5.0
5.0
2017-07-23 CVE-2017-11554 Uncontrolled Recursion vulnerability in Libsass 3.4.5
There is a stack consumption vulnerability in the lex function in parser.hpp (as used in sassc) in LibSass 3.4.5.
network
low complexity
libsass CWE-674
5.0
5.0
2017-07-17 CVE-2017-11342 Improper Input Validation vulnerability in Libsass 3.4.5
There is an illegal address access in ast.cpp of LibSass 3.4.5.
network
low complexity
libsass CWE-20
5.0
5.0
2017-07-17 CVE-2017-11341 Out-of-bounds Read vulnerability in Libsass 3.4.5
There is a heap based buffer over-read in lexer.hpp of LibSass 3.4.5.
network
low complexity
libsass CWE-125
5.0
5.0