OSV-2022-896

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libsass/OSV-2022-896.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2022-896
Published
2022-09-15T00:02:01.621945Z
Modified
2026-06-19T14:17:06.772228Z
Summary
Segv on unknown address in Sass::unifyComplex
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51316

Crash type: Segv on unknown address
Crash state:
Sass::unifyComplex
Sass::Extender::extendCompound
Sass::Extender::extendComplex
References

Affected packages

OSS-Fuzz / libsass

Package

Name
libsass
Purl
pkg:generic/libsass

Affected ranges

Type
GIT
Repo
https://github.com/sass/libsass.git
Events
Introduced
f964dcddd76f4c1f00da06bfd905be790618c33b

Affected versions

3.*
3.6.2
3.6.3
3.6.4
3.6.5
3.6.6

Ecosystem specific 

{
    "severity": null
}

Database specific

source 
"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libsass/OSV-2022-896.yaml"