CVE-2022-43358

2023-08-2219:16:29

Debian Security Bug Tracker

security-tracker.debian.org

vulnerability

stack overflow

ast_selectors.cpp

libsass

dos

unix

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

36.4%

JSON

Stack overflow vulnerability in ast_selectors.cpp: in function Sass::ComplexSelector::has_placeholder in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS).

OSVersionArchitecturePackageVersionFilename
Debian12alllibsass<= 3.6.5+20220909-1libsass_3.6.5+20220909-1_all.deb
Debian11alllibsass<= 3.6.4+20201122-1libsass_3.6.4+20201122-1_all.deb
Debian999alllibsass< 3.6.5+20231221-2libsass_3.6.5+20231221-2_all.deb
Debian13alllibsass< 3.6.5+20231221-2libsass_3.6.5+20231221-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	libsass	<= 3.6.5+20220909-1	libsass_3.6.5+20220909-1_all.deb
Debian	11	all	libsass	<= 3.6.4+20201122-1	libsass_3.6.4+20201122-1_all.deb
Debian	999	all	libsass	< 3.6.5+20231221-2	libsass_3.6.5+20231221-2_all.deb
Debian	13	all	libsass	< 3.6.5+20231221-2	libsass_3.6.5+20231221-2_all.deb