Description
There is a stack consumption vulnerability in the lex function in parser.hpp (as used in sassc) in LibSass 3.4.5. A crafted input will lead to a remote denial of service.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1471780
https://github.com/sass/libsass/issues/2445
Related Vulnerabilities
CVE-2023-39410 Vulnerability in maven package org.apache.avro:avro
CVE-2021-3795 Vulnerability in npm package semver-regex
CVE-2018-3717 Vulnerability in npm package simple-server
CVE-2020-26289 Vulnerability in maven package org.webjars.npm:date-and-time
CVE-2021-43138 Vulnerability in maven package org.webjars.bowergithub.caolan:async