What is CVE-2018-11698?

CVE-2018-11698 is a vulnerability discovered in LibSass version 3.5.4 that allows an attacker to perform an out-of-bounds read of a memory region, potentially leading to information disclosure or denial of service.

What is the severity of CVE-2018-11698?

The severity of CVE-2018-11698 is high, with a CVSSv3 score of 8.1.

How does CVE-2018-11698 affect LibSass?

CVE-2018-11698 affects LibSass versions up to and including 3.5.4, allowing an attacker to exploit an out-of-bounds read vulnerability in the function Sass::handle_error.

What can an attacker do with CVE-2018-11698?

An attacker can leverage CVE-2018-11698 to disclose sensitive information or cause a denial of service by manipulating the out-of-bounds read to read from unmapped memory.

Is there a fix for CVE-2018-11698?

Yes, updating to a version of LibSass that is beyond 3.5.4 will address the vulnerability in CVE-2018-11698.

Vulnerability/
CVE-2018-11698

high

8.1

CWE

125

4/6/2018

20/2/2025

CVE-2018-11698

First published: Mon Jun 04 2018(Updated: )

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
libsass	<=3.5.4
IBM Data Virtualization on Cloud Pak for Data	<=3.0
IBM Watson Query with Cloud Pak for Data as a Service	<=2.2
IBM Watson Query with Cloud Pak for Data as a Service	<=2.1
IBM Watson Query with Cloud Pak for Data as a Service	<=2.0
IBM Data Virtualization on Cloud Pak for Data	<=1.8
IBM Data Virtualization on Cloud Pak for Data	<=1.7

Remedy

https://github.com/sass/libsass/issues/2662

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7183851

Frequently Asked Questions

What is CVE-2018-11698?
CVE-2018-11698 is a vulnerability discovered in LibSass version 3.5.4 that allows an attacker to perform an out-of-bounds read of a memory region, potentially leading to information disclosure or denial of service.
What is the severity of CVE-2018-11698?
The severity of CVE-2018-11698 is high, with a CVSSv3 score of 8.1.
How does CVE-2018-11698 affect LibSass?
CVE-2018-11698 affects LibSass versions up to and including 3.5.4, allowing an attacker to exploit an out-of-bounds read vulnerability in the function Sass::handle_error.
What can an attacker do with CVE-2018-11698?
An attacker can leverage CVE-2018-11698 to disclose sensitive information or cause a denial of service by manipulating the out-of-bounds read to read from unmapped memory.
Is there a fix for CVE-2018-11698?
Yes, updating to a version of LibSass that is beyond 3.5.4 will address the vulnerability in CVE-2018-11698.

agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/author
agent/severity
agent/remedy
agent/first-publish-date
collector/nvd-index
agent/software-canonical-lookup-request
agent/last-modified-date
agent/references
agent/source
agent/description
agent/event
agent/softwarecombine
agent/tags
collector/ibm-support
source/IBM
agent/software-canonical-lookup
vendor/sass-lang
canonical/libsass
version/libsass/3.5.4
vendor/ibm
canonical/ibm data virtualization on cloud pak for data
version/ibm data virtualization on cloud pak for data/3.0
canonical/ibm watson query with cloud pak for data as a service
version/ibm watson query with cloud pak for data as a service/2.2
version/ibm watson query with cloud pak for data as a service/2.1
version/ibm watson query with cloud pak for data as a service/2.0
version/ibm data virtualization on cloud pak for data/1.8
version/ibm data virtualization on cloud pak for data/1.7