Vulnerabilities > Sass Lang
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-14 | CVE-2019-6284 | Out-of-bounds Read vulnerability in Sass-Lang Libsass 3.5.5 In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp. | 6.5 |
| 2019-01-14 | CVE-2019-6283 | Out-of-bounds Read vulnerability in Sass-Lang Libsass 3.5.5 In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp. | 6.5 |
| 2018-12-17 | CVE-2018-20190 | NULL Pointer Dereference vulnerability in Sass-Lang Libsass 3.5.5 In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file. | 4.3 |
| 2018-12-04 | CVE-2018-19839 | Out-of-bounds Read vulnerability in Sass-Lang Libsass In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file. | 4.3 |
| 2018-12-04 | CVE-2018-19838 | Resource Exhaustion vulnerability in Sass-Lang Libsass In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy(). | 4.3 |
| 2018-12-04 | CVE-2018-19837 | Resource Exhaustion vulnerability in Sass-Lang Libsass In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%' as a modulo operator in parser.cpp. | 4.3 |
| 2018-12-03 | CVE-2018-19827 | Use After Free vulnerability in Sass-Lang Libsass 3.5.5 In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact. | 6.8 |
| 2018-12-03 | CVE-2018-19826 | Infinite Loop vulnerability in Sass-Lang Libsass 3.5.5 In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&' or '/' characters. | 6.5 |
| 2018-12-03 | CVE-2018-19797 | NULL Pointer Dereference vulnerability in Sass-Lang Libsass 3.5.5 In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file. | 4.3 |
| 2018-11-12 | CVE-2018-19219 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sass-Lang Libsass 3.5.0 In LibSass 3.5-stable, there is an illegal address access at Sass::Eval::operator that will lead to a DoS attack. | 4.3 |