OESA-2024-1018

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1018
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2024-1018.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2024-1018
Upstream
Published
2024-01-05T11:06:41Z
Modified
2025-09-03T06:18:10.639620Z
Summary
libsass security update
Details

Libsass is a Sass CSS precompiler ported to C/C++. This version is more efficient and portable than the original Ruby version. Keeping it light and simple is its design philosophy, which makes it easier to build and integrate with an immense number of platforms and languages. Because libsass is just a library, you need to install sassc if you want to run it directly.

Security Fix(es):

Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector::has_real_parent_ref function. (CVE-2022-26592)

Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2. (CVE-2022-43357)

Stack overflow vulnerability in ast_selectors.cpp: in function Sass::ComplexSelector::has_placeholder in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS). (CVE-2022-43358)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / libsass

Package

Name
libsass
Purl
pkg:rpm/openEuler/libsass&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.6.4-2.oe1

Ecosystem specific

{
    "x86_64": [
        "libsass-debugsource-3.6.4-2.oe1.x86_64.rpm",
        "libsass-debuginfo-3.6.4-2.oe1.x86_64.rpm",
        "libsass-3.6.4-2.oe1.x86_64.rpm",
        "libsass-devel-3.6.4-2.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "libsass-debuginfo-3.6.4-2.oe1.aarch64.rpm",
        "libsass-debugsource-3.6.4-2.oe1.aarch64.rpm",
        "libsass-3.6.4-2.oe1.aarch64.rpm",
        "libsass-devel-3.6.4-2.oe1.aarch64.rpm"
    ],
    "src": [
        "libsass-3.6.4-2.oe1.src.rpm"
    ]
}

openEuler:20.03-LTS-SP3 / libsass

Package

Name
libsass
Purl
pkg:rpm/openEuler/libsass&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.6.4-2.oe1

Ecosystem specific

{
    "x86_64": [
        "libsass-debugsource-3.6.4-2.oe1.x86_64.rpm",
        "libsass-debuginfo-3.6.4-2.oe1.x86_64.rpm",
        "libsass-devel-3.6.4-2.oe1.x86_64.rpm",
        "libsass-3.6.4-2.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "libsass-debugsource-3.6.4-2.oe1.aarch64.rpm",
        "libsass-devel-3.6.4-2.oe1.aarch64.rpm",
        "libsass-3.6.4-2.oe1.aarch64.rpm",
        "libsass-debuginfo-3.6.4-2.oe1.aarch64.rpm"
    ],
    "src": [
        "libsass-3.6.4-2.oe1.src.rpm"
    ]
}

openEuler:20.03-LTS-SP4 / libsass

Package

Name
libsass
Purl
pkg:rpm/openEuler/libsass&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.6.4-2.oe2003sp4

Ecosystem specific

{
    "x86_64": [
        "libsass-devel-3.6.4-2.oe2003sp4.x86_64.rpm",
        "libsass-3.6.4-2.oe2003sp4.x86_64.rpm",
        "libsass-debuginfo-3.6.4-2.oe2003sp4.x86_64.rpm",
        "libsass-debugsource-3.6.4-2.oe2003sp4.x86_64.rpm"
    ],
    "aarch64": [
        "libsass-3.6.4-2.oe2003sp4.aarch64.rpm",
        "libsass-debugsource-3.6.4-2.oe2003sp4.aarch64.rpm",
        "libsass-debuginfo-3.6.4-2.oe2003sp4.aarch64.rpm",
        "libsass-devel-3.6.4-2.oe2003sp4.aarch64.rpm"
    ],
    "src": [
        "libsass-3.6.4-2.oe2003sp4.src.rpm"
    ]
}

openEuler:22.03-LTS / libsass

Package

Name
libsass
Purl
pkg:rpm/openEuler/libsass&distro=openEuler-22.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.6.4-2.oe2203sp2

Ecosystem specific

{
    "x86_64": [
        "libsass-devel-3.6.4-2.oe2203.x86_64.rpm",
        "libsass-3.6.4-2.oe2203.x86_64.rpm",
        "libsass-debugsource-3.6.4-2.oe2203.x86_64.rpm",
        "libsass-debuginfo-3.6.4-2.oe2203.x86_64.rpm",
        "libsass-debugsource-3.6.4-2.oe2203sp1.x86_64.rpm",
        "libsass-3.6.4-2.oe2203sp1.x86_64.rpm",
        "libsass-devel-3.6.4-2.oe2203sp1.x86_64.rpm",
        "libsass-debuginfo-3.6.4-2.oe2203sp1.x86_64.rpm",
        "libsass-debugsource-3.6.4-2.oe2203sp2.x86_64.rpm",
        "libsass-debuginfo-3.6.4-2.oe2203sp2.x86_64.rpm",
        "libsass-devel-3.6.4-2.oe2203sp2.x86_64.rpm",
        "libsass-3.6.4-2.oe2203sp2.x86_64.rpm"
    ],
    "aarch64": [
        "libsass-3.6.4-2.oe2203.aarch64.rpm",
        "libsass-devel-3.6.4-2.oe2203.aarch64.rpm",
        "libsass-debugsource-3.6.4-2.oe2203.aarch64.rpm",
        "libsass-debuginfo-3.6.4-2.oe2203.aarch64.rpm",
        "libsass-debuginfo-3.6.4-2.oe2203sp1.aarch64.rpm",
        "libsass-3.6.4-2.oe2203sp1.aarch64.rpm",
        "libsass-debugsource-3.6.4-2.oe2203sp1.aarch64.rpm",
        "libsass-devel-3.6.4-2.oe2203sp1.aarch64.rpm",
        "libsass-devel-3.6.4-2.oe2203sp2.aarch64.rpm",
        "libsass-debuginfo-3.6.4-2.oe2203sp2.aarch64.rpm",
        "libsass-3.6.4-2.oe2203sp2.aarch64.rpm",
        "libsass-debugsource-3.6.4-2.oe2203sp2.aarch64.rpm"
    ],
    "src": [
        "libsass-3.6.4-2.oe2203.src.rpm",
        "libsass-3.6.4-2.oe2203sp1.src.rpm",
        "libsass-3.6.4-2.oe2203sp2.src.rpm"
    ]
}

openEuler:22.03-LTS-SP1 / libsass

Package

Name
libsass
Purl
pkg:rpm/openEuler/libsass&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.6.4-2.oe2203sp1

Ecosystem specific

{
    "x86_64": [
        "libsass-debugsource-3.6.4-2.oe2203sp1.x86_64.rpm",
        "libsass-3.6.4-2.oe2203sp1.x86_64.rpm",
        "libsass-devel-3.6.4-2.oe2203sp1.x86_64.rpm",
        "libsass-debuginfo-3.6.4-2.oe2203sp1.x86_64.rpm"
    ],
    "aarch64": [
        "libsass-debuginfo-3.6.4-2.oe2203sp1.aarch64.rpm",
        "libsass-3.6.4-2.oe2203sp1.aarch64.rpm",
        "libsass-debugsource-3.6.4-2.oe2203sp1.aarch64.rpm",
        "libsass-devel-3.6.4-2.oe2203sp1.aarch64.rpm"
    ],
    "src": [
        "libsass-3.6.4-2.oe2203sp1.src.rpm"
    ]
}

openEuler:22.03-LTS-SP2 / libsass

Package

Name
libsass
Purl
pkg:rpm/openEuler/libsass&distro=openEuler-22.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.6.4-2.oe2203sp2

Ecosystem specific

{
    "x86_64": [
        "libsass-debugsource-3.6.4-2.oe2203sp2.x86_64.rpm",
        "libsass-debuginfo-3.6.4-2.oe2203sp2.x86_64.rpm",
        "libsass-devel-3.6.4-2.oe2203sp2.x86_64.rpm",
        "libsass-3.6.4-2.oe2203sp2.x86_64.rpm"
    ],
    "aarch64": [
        "libsass-devel-3.6.4-2.oe2203sp2.aarch64.rpm",
        "libsass-debuginfo-3.6.4-2.oe2203sp2.aarch64.rpm",
        "libsass-3.6.4-2.oe2203sp2.aarch64.rpm",
        "libsass-debugsource-3.6.4-2.oe2203sp2.aarch64.rpm"
    ],
    "src": [
        "libsass-3.6.4-2.oe2203sp2.src.rpm"
    ]
}