CVE-2018-19838
First published: Tue Dec 04 2018(Updated: )
In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| libsass | <3.5.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2018-19838.
What is the severity of CVE-2018-19838?
The severity of CVE-2018-19838 is medium with a severity value of 6.5.
What is the affected software for CVE-2018-19838?
The affected software for CVE-2018-19838 is LibSass prior to version 3.5.5.
How can attackers exploit CVE-2018-19838?
Attackers can exploit CVE-2018-19838 by causing a denial-of-service resulting from stack consumption via a crafted Sass file.
Is there a fix available for CVE-2018-19838?
Yes, a fix is available for CVE-2018-19838 in LibSass version 3.5.5.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/sass-lang
- canonical/libsass