Vulnerabilities > Sass Lang > Libsass > 3.5.3

DATE CVE VULNERABILITY TITLE RISK
2019-11-06 CVE-2019-18799 NULL Pointer Dereference vulnerability in Sass-Lang Libsass
LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser::parseCompoundSelector in parser_selectors.cpp.
network
sass-lang CWE-476
4.3
2019-11-06 CVE-2019-18798 Out-of-bounds Read vulnerability in Sass-Lang Libsass
LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::weaveParents in ast_sel_weave.cpp.
network
sass-lang CWE-125
4.3
2019-11-06 CVE-2019-18797 Uncontrolled Recursion vulnerability in Sass-Lang Libsass
LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp.
network
sass-lang CWE-674
4.3
2019-04-23 CVE-2018-20821 Uncontrolled Recursion vulnerability in Sass-Lang Libsass
The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).
network
low complexity
sass-lang CWE-674
6.5
2018-12-04 CVE-2018-19839 Out-of-bounds Read vulnerability in Sass-Lang Libsass
In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.
network
sass-lang CWE-125
4.3
2018-12-04 CVE-2018-19838 Resource Exhaustion vulnerability in Sass-Lang Libsass
In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().
network
sass-lang CWE-400
4.3
2018-12-04 CVE-2018-19837 Resource Exhaustion vulnerability in Sass-Lang Libsass
In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%' as a modulo operator in parser.cpp.
network
sass-lang CWE-400
4.3
2018-06-04 CVE-2018-11698 Out-of-bounds Read vulnerability in Sass-Lang Libsass
An issue was discovered in LibSass through 3.5.4.
network
sass-lang CWE-125
5.8
2018-06-04 CVE-2018-11697 Out-of-bounds Read vulnerability in Sass-Lang Libsass
An issue was discovered in LibSass through 3.5.4.
network
sass-lang CWE-125
5.8
2018-06-04 CVE-2018-11696 NULL Pointer Dereference vulnerability in Sass-Lang Libsass
An issue was discovered in LibSass through 3.5.4.
network
sass-lang CWE-476
6.8