5 matches found
SUSE CVE-2017-11341
There is a heap based buffer over-read in lexer.hpp of LibSass 3.4.5. A crafted input will lead to a remote denial of service attack...
CVE-2017-11341
There is a heap based buffer over-read in lexer.hpp of LibSass 3.4.5. A crafted input will lead to a remote denial of service attack...
Heap overflow
There is a heap based buffer over-read in lexer.hpp of LibSass 3.4.5. A crafted input will lead to a remote denial of service attack...
LibSass 'lexer.hpp' heap buffer over-read vulnerability
LibSass is an open-source parser for the Sass CSS extension language, written in C. A heap buffer out-of-bounds read vulnerability exists in the lexer.hpp file in LibSass version 3.4.5. A remote attacker can exploit this vulnerability with specially crafted input to cause a denial of service...
LibSass: heap-buffer-overflow (read outside of buffer) in Sass::Prelexer::exactly<(char)92>(char const*) - libsass/src/lexer.hpp:92
Built with afl-clang-fast from git source 5909ba5. Feeding a file that contains nothing but '\ to sassc triggers this flaw. ==22006==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000ef93 at pc 0x000000907c6a bp 0x7fff656d9430 sp 0x7fff656d9428 READ of size 1 at 0x60200000ef93...