Lucene search

K

MitreCVELIST:CVE-2018-19837

HistoryDec 04, 2018 - 9:00 a.m.

CVE-2018-19837

2018-12-0409:00:00

mitre

www.cve.org

6.3 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.3%

In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of ‘%’ as a modulo operator in parser.cpp.

References

lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html

lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html

lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html

github.com/sass/libsass/commit/210fdff7a65370c2ae24e022a2b35da8c423cc5f

github.com/sass/libsass/issues/2659

6.3 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.3%

Related for CVELIST:CVE-2018-19837

cve1 prion1 osv1 debiancve1 redhatcve1 veracode1 nvd1 ubuntucve1 mageia1 suse3 nessus1 openvas2 ibm2