Description
There is a stack consumption vulnerability in the lex function in parser.hpp (as used in sassc) in LibSass 3.4.5. A crafted input will lead to a remote denial of service.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1471780
https://github.com/sass/libsass/issues/2445
Related Vulnerabilities
CVE-2023-29528 Vulnerability in maven package org.xwiki.commons:xwiki-commons-xml
CVE-2023-26104 Vulnerability in npm package lite-web-server
CVE-2023-37895 Vulnerability in maven package org.apache.jackrabbit:jackrabbit-standalone
CVE-2020-7744 Vulnerability in maven package com.mintegral.msdk:alphab
CVE-2020-5259 Vulnerability in maven package org.webjars.npm:dojox