Unrated severity · NVD Advisory · Published Dec 4, 2018 · Updated Aug 5, 2024
CVE-2018-19837
Description
In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%' as a modulo operator in parser.cpp.
Affected products (5)
- osv-coords (4 versions), range: < 3.6.1-lp151.3.3.1 + 3 more
  - pkg:rpm/opensuse/libsass&distro=openSUSE%20Leap%2015.0
  - pkg:rpm/opensuse/libsass&distro=openSUSE%20Leap%2015.1
  - pkg:rpm/suse/libsass&distro=SUSE%20Package%20Hub%2015
  - pkg:rpm/suse/libsass&distro=SUSE%20Package%20Hub%2015%20SP1
- (no CPE) range: < 3.6.1-lp151.3.3.1
- (no CPE) range: < 3.6.1-lp151.3.3.1
- (no CPE) range: < 3.6.1-bp150.3.3.1
- (no CPE) range: < 3.6.1-bp151.4.3.1
References (5)
- lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html (mitre, vendor-advisory, x_refsource_SUSE)
- github.com/sass/libsass/commit/210fdff7a65370c2ae24e022a2b35da8c423cc5f (mitre, x_refsource_MISC)
- github.com/sass/libsass/issues/2659 (mitre, x_refsource_MISC)