In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&' or '/' characters. NOTE: Upstream comments indicate this issue is closed as "won't fix" and "works as intended" by design
References
Link | Resource |
---|---|
https://github.com/sass/libsass/issues/2781 | Third Party Advisory |
Configurations
History
07 Nov 2023, 02:55
Type | Values Removed | Values Added |
---|---|---|
Summary | In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&' or '/' characters. NOTE: Upstream comments indicate this issue is closed as "won't fix" and "works as intended" by design |
Information
Published : 2018-12-03 19:29
Updated : 2024-04-11 01:01
NVD link : CVE-2018-19826
Mitre link : CVE-2018-19826
CVE.ORG link : CVE-2018-19826
JSON object : View
Products Affected
sass-lang
- libsass
CWE
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')