CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Sass-lang : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-6286 125 2019-01-14 2019-07-23
4.3
None Remote Medium Not required None None Partial
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693.
2 CVE-2019-6284 119 Overflow 2019-01-14 2019-07-23
4.3
None Remote Medium Not required None None Partial
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.
3 CVE-2019-6283 119 Overflow 2019-01-14 2019-07-23
4.3
None Remote Medium Not required None None Partial
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.
4 CVE-2018-20822 400 2019-04-23 2019-07-23
4.3
None Remote Medium Not required None None Partial
LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).
5 CVE-2018-20821 400 2019-04-23 2019-07-23
4.3
None Remote Medium Not required None None Partial
The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).
6 CVE-2018-20190 476 DoS 2018-12-17 2019-07-23
4.3
None Remote Medium Not required None None Partial
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.
7 CVE-2018-19839 125 2018-12-04 2019-07-23
4.3
None Remote Medium Not required None None Partial
In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.
8 CVE-2018-19838 400 2018-12-04 2019-07-23
4.3
None Remote Medium Not required None None Partial
In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().
9 CVE-2018-19837 400 2018-12-04 2019-07-23
4.3
None Remote Medium Not required None None Partial
In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%' as a modulo operator in parser.cpp.
10 CVE-2018-19827 416 DoS 2018-12-03 2019-07-23
6.8
None Remote Medium Not required Partial Partial Partial
In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.
11 CVE-2018-19826 835 DoS 2018-12-03 2019-10-02
4.3
None Remote Medium Not required None None Partial
** DISPUTED ** In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&' or '/' characters. NOTE: Upstream comments indicate this issue is closed as "won't fix" and "works as intended" by design.
12 CVE-2018-19797 476 DoS 2018-12-03 2019-07-23
4.3
None Remote Medium Not required None None Partial
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.
13 CVE-2018-19219 20 2018-11-12 2018-12-13
4.3
None Remote Medium Not required None None Partial
In LibSass 3.5-stable, there is an illegal address access at Sass::Eval::operator that will lead to a DoS attack.
14 CVE-2018-19218 125 2018-11-12 2018-12-13
4.3
None Remote Medium Not required None None Partial
In LibSass 3.5-stable, there is an illegal address access at Sass::Parser::parse_css_variable_value_token that will lead to a DoS attack.
15 CVE-2018-11698 125 DoS 2018-06-04 2018-11-12
5.8
None Remote Medium Not required Partial None Partial
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
16 CVE-2018-11697 125 DoS 2018-06-04 2018-08-16
5.8
None Remote Medium Not required Partial None Partial
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
17 CVE-2018-11696 476 DoS 2018-06-04 2018-11-12
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Inspect::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
18 CVE-2018-11695 476 DoS 2018-06-04 2018-11-12
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in LibSass through 3.5.2. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
19 CVE-2018-11694 476 DoS 2018-06-04 2018-11-12
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
20 CVE-2018-11693 125 DoS 2018-06-04 2018-11-12
5.8
None Remote Medium Not required Partial None Partial
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
21 CVE-2018-11499 416 DoS 2018-05-26 2019-07-23
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.
Total number of vulnerabilities : 21   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.