Stack overflow vulnerability in astselectors.cpp in function Sass::CompoundSelector::hasrealparentref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "libsass-dev", "binary_version": "3.6.5+20231221-3" }, { "binary_name": "libsass1", "binary_version": "3.6.5+20231221-3" }, { "binary_name": "libsass1-dbgsym", "binary_version": "3.6.5+20231221-3" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "libsass-dev", "binary_version": "3.6.5+20231221-3" }, { "binary_name": "libsass1", "binary_version": "3.6.5+20231221-3" }, { "binary_name": "libsass1-dbgsym", "binary_version": "3.6.5+20231221-3" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "libsass-dev", "binary_version": "3.6.6-0ubuntu1" }, { "binary_name": "libsass1", "binary_version": "3.6.6-0ubuntu1" }, { "binary_name": "libsass1-dbgsym", "binary_version": "3.6.6-0ubuntu1" } ] }