Vulnerabilities > Sass Lang > Libsass > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-04 | CVE-2018-19838 | Resource Exhaustion vulnerability in Sass-Lang Libsass In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy(). | 4.3 |
| 2018-12-04 | CVE-2018-19837 | Resource Exhaustion vulnerability in Sass-Lang Libsass In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%' as a modulo operator in parser.cpp. | 4.3 |
| 2018-12-03 | CVE-2018-19827 | Use After Free vulnerability in Sass-Lang Libsass 3.5.5 In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact. | 6.8 |
| 2018-12-03 | CVE-2018-19826 | Infinite Loop vulnerability in Sass-Lang Libsass 3.5.5 In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&' or '/' characters. | 6.5 |
| 2018-12-03 | CVE-2018-19797 | NULL Pointer Dereference vulnerability in Sass-Lang Libsass 3.5.5 In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file. | 4.3 |
| 2018-11-12 | CVE-2018-19219 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sass-Lang Libsass 3.5.0 In LibSass 3.5-stable, there is an illegal address access at Sass::Eval::operator that will lead to a DoS attack. | 4.3 |
| 2018-11-12 | CVE-2018-19218 | Out-of-bounds Read vulnerability in Sass-Lang Libsass 3.5.0 In LibSass 3.5-stable, there is an illegal address access at Sass::Parser::parse_css_variable_value_token that will lead to a DoS attack. | 4.3 |
| 2018-06-04 | CVE-2018-11698 | Out-of-bounds Read vulnerability in Sass-Lang Libsass An issue was discovered in LibSass through 3.5.4. | 5.8 |
| 2018-06-04 | CVE-2018-11697 | Out-of-bounds Read vulnerability in Sass-Lang Libsass An issue was discovered in LibSass through 3.5.4. | 5.8 |
| 2018-06-04 | CVE-2018-11696 | NULL Pointer Dereference vulnerability in Sass-Lang Libsass An issue was discovered in LibSass through 3.5.4. | 6.8 |