14 lines
1.5 KiB
JSON
14 lines
1.5 KiB
JSON
{
|
|
"id": "openEuler-SA-2024-1018",
|
|
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1018",
|
|
"title": "An update for libsass is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
|
|
"severity": "High",
|
|
"description": "Libsass is a Sass CSS precompiler which is ported for C/C++. This version is more efficient and portable than the original Ruby version. Keeping light and sample is its degisn philosophy which makes it more easier to be built and integrated with a immense amount of platforms and languages. Installation of saccs is needed if you want to run is directly as libsass is just a library.\r\n\r\nSecurity Fix(es):\r\n\r\nStack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector::has_real_parent_ref function.(CVE-2022-26592)\r\n\r\nStack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2.(CVE-2022-43357)\r\n\r\nStack overflow vulnerability in ast_selectors.cpp: in function Sass::ComplexSelector::has_placeholder in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS).(CVE-2022-43358)",
|
|
"cves": [
|
|
{
|
|
"id": "CVE-2022-43358",
|
|
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43358",
|
|
"severity": "High"
|
|
}
|
|
]
|
|
} |