Unrated severityNVD Advisory· Published Dec 4, 2018· Updated Aug 5, 2024
CVE-2018-19838
CVE-2018-19838
Description
In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- osv-coords4 versionspkg:rpm/opensuse/libsass&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/libsass&distro=openSUSE%20Leap%2015.1pkg:rpm/suse/libsass&distro=SUSE%20Package%20Hub%2015pkg:rpm/suse/libsass&distro=SUSE%20Package%20Hub%2015%20SP1
< 3.6.1-lp151.3.3.1+ 3 more
- (no CPE)range: < 3.6.1-lp151.3.3.1
- (no CPE)range: < 3.6.1-lp151.3.3.1
- (no CPE)range: < 3.6.1-bp150.3.3.1
- (no CPE)range: < 3.6.1-bp151.4.3.1
Patches
Vulnerability mechanics
References
4- lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.htmlmitrevendor-advisoryx_refsource_SUSE
- github.com/sass/libsass/issues/2660mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.