OESA-2024-1049

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1049
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2024-1049.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2024-1049
Upstream
Published
2024-01-12T11:06:45Z
Modified
2025-09-03T06:18:10.699393Z
Summary
libsass security update
Details

Libsass is a Sass CSS precompiler ported to C/C++. This version is more efficient and portable than the original Ruby version. Keeping it light and simple is its design philosophy, which makes it easier to build and integrate with an immense number of platforms and languages. Installation of sassc is needed if you want to run it directly, as libsass is just a library.

Security Fix(es):

Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector::has_real_parent_ref function. (CVE-2022-26592)

Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2. (CVE-2022-43357)

Stack overflow vulnerability in ast_selectors.cpp in function Sass::ComplexSelector::has_placeholder in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS). (CVE-2022-43358)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:22.03-LTS-SP3 / libsass

Package

Name
libsass
Purl
pkg:rpm/openEuler/libsass&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.6.4-2.oe2203sp3

Ecosystem specific

{
    "x86_64": [
        "libsass-debuginfo-3.6.4-2.oe2203sp3.x86_64.rpm",
        "libsass-debugsource-3.6.4-2.oe2203sp3.x86_64.rpm",
        "libsass-devel-3.6.4-2.oe2203sp3.x86_64.rpm",
        "libsass-3.6.4-2.oe2203sp3.x86_64.rpm"
    ],
    "aarch64": [
        "libsass-debugsource-3.6.4-2.oe2203sp3.aarch64.rpm",
        "libsass-3.6.4-2.oe2203sp3.aarch64.rpm",
        "libsass-devel-3.6.4-2.oe2203sp3.aarch64.rpm",
        "libsass-debuginfo-3.6.4-2.oe2203sp3.aarch64.rpm"
    ],
    "src": [
        "libsass-3.6.4-2.oe2203sp3.src.rpm"
    ]
}