Skip to main content

Libsass CVE-2017-12964

HIGH
Uncontrolled Recursion (CWE-674)
2017-08-18 cve@mitre.org
7.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 18, 2017 - 21:29 cve.org
HIGH 7.5

DescriptionCVE.org

There is a stack consumption issue in LibSass 3.4.5 that is triggered in the function Sass::Eval::operator() in eval.cpp. It will lead to a remote denial of service attack.

AnalysisAI

There is a stack consumption issue in LibSass 3.4.5 that is triggered in the function Sass::Eval::operator() in eval.cpp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-674. There is a stack consumption issue in LibSass 3.4.5 that is triggered in the function Sass::Eval::operator() in eval.cpp. It will lead to a remote denial of service attack. Affected products include: Libsass.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2018-11696 HIGH POC
8.8 Jun 04

An issue was discovered in LibSass through 3.5.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploit

CVE-2018-11695 HIGH POC
8.8 Jun 04

An issue was discovered in LibSass <3.5.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, n

CVE-2018-11694 HIGH POC
8.8 Jun 04

An issue was discovered in LibSass through 3.5.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploit

CVE-2018-11698 HIGH POC
8.1 Jun 04

An issue was discovered in LibSass through 3.5.4. Rated high severity (CVSS 8.1), this vulnerability is remotely exploit

CVE-2018-11697 HIGH POC
8.1 Jun 04

An issue was discovered in LibSass through 3.5.4. Rated high severity (CVSS 8.1), this vulnerability is remotely exploit

CVE-2018-11693 HIGH POC
8.1 Jun 04

An issue was discovered in LibSass through 3.5.4. Rated high severity (CVSS 8.1), this vulnerability is remotely exploit

CVE-2017-11554 HIGH POC
7.5 Jul 23

There is a stack consumption vulnerability in the lex function in parser.hpp (as used in sassc) in LibSass 3.4.5. Rated

CVE-2017-11342 HIGH POC
7.5 Jul 17

There is an illegal address access in ast.cpp of LibSass 3.4.5. Rated high severity (CVSS 7.5), this vulnerability is re

CVE-2017-11341 HIGH POC
7.5 Jul 17

There is a heap based buffer over-read in lexer.hpp of LibSass 3.4.5. Rated high severity (CVSS 7.5), this vulnerability

CVE-2017-11555 HIGH POC
7.5 Jul 23

There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. Rated high severity (CVS

CVE-2017-11556 HIGH POC
7.5 Jul 23

There is a stack consumption vulnerability in the Parser::advanceToNextToken function in parser.cpp in LibSass 3.4.5. Ra

CVE-2019-18799 MEDIUM POC
6.5 Nov 06

LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser::parseCompoundSelector in parser_selectors.cpp. R

Share

CVE-2017-12964 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy