Vulnerabilities > Sass Lang > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-04 | CVE-2018-19839 | Out-of-bounds Read vulnerability in Sass-Lang Libsass In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file. | 6.5 |
| 2018-12-04 | CVE-2018-19838 | Resource Exhaustion vulnerability in Sass-Lang Libsass In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy(). | 6.5 |
| 2018-12-04 | CVE-2018-19837 | Resource Exhaustion vulnerability in Sass-Lang Libsass In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%' as a modulo operator in parser.cpp. | 6.5 |
| 2018-12-03 | CVE-2018-19826 | Infinite Loop vulnerability in Sass-Lang Libsass 3.5.5 In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&' or '/' characters. | 6.5 |
| 2018-12-03 | CVE-2018-19797 | NULL Pointer Dereference vulnerability in Sass-Lang Libsass 3.5.5 In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file. | 6.5 |
| 2018-11-12 | CVE-2018-19219 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sass-Lang Libsass 3.5.0 In LibSass 3.5-stable, there is an illegal address access at Sass::Eval::operator that will lead to a DoS attack. | 6.5 |
| 2018-11-12 | CVE-2018-19218 | Out-of-bounds Read vulnerability in Sass-Lang Libsass 3.5.0 In LibSass 3.5-stable, there is an illegal address access at Sass::Parser::parse_css_variable_value_token that will lead to a DoS attack. | 6.5 |