An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

🗓️ 01 Aug 2023 00:00:00Reported by MicrosoftType

Null pointer dereference in LibSass 3.5.4 in Sass::Functions::selector_append causes denial of service.

Reporter	Title	Published	Views	Family All 29
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in Node.js affect IBM Cloud Pak System.	16 Aug 202217:05	–	ibm
IBM Security Bulletins	Security Bulletin: Mutiple Vulnerabilties in Open Source packages affects IBM Watson Machine Learning Accelerator on Cloud Pak for Data	6 Dec 202316:32	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar User Behavior Analytics is vulnerable to components with known vulnerabilities	30 Mar 202316:06	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Machine Learning Accelerator on Cloud Pak for Data is vulnerable to multiple vulnerabilities	12 Dec 202317:28	–	ibm
IBM Security Bulletins	Security Bulletin: Open Source Dependency Vulnerability	15 May 202317:51	–	ibm
IBM Security Bulletins	Security Bulletin: IBM API Connect is impacted by multiple open source software vulnerabilities.	1 Apr 201917:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Machine Learning Accelerator on Cloud Pak for Data is vunerable to libsass and node-sass vulnerabilities	6 Dec 202316:20	–	ibm
IBM Security Bulletins	Security Bulletin: Medium/low severity vulnerabilities in libraries used by IBM Spectrum Discover (libraries of libraries)	27 Apr 202222:51	–	ibm
CBLMariner	CVE-2018-11694 affecting package reaper for versions less than 3.1.1-6	5 Feb 202522:12	–	cbl_mariner
CBLMariner	CVE-2018-11694 affecting package reaper for versions less than 3.1.1-7	19 Mar 202417:21	–	cbl_mariner

Vulners

Node

01 Aug 2023 00:00Current

7High risk

Vulners AI Score7

CVSS 26.8

CVSS 38.8

CVSS 3.18.8

EPSS0.01707