In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%' as a modulo operator in parser.cpp.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-12-04T09:00:00
Updated: 2024-08-05T11:44:20.721Z
Reserved: 2018-12-03T00:00:00
Link: CVE-2018-19837
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-12-04T09:29:00.320
Modified: 2019-07-23T18:15:13.207
Link: CVE-2018-19837
Redhat
No data.