Description
There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1471782
Related Vulnerabilities
CVE-2018-3732 Vulnerability in npm package resolve-path
CVE-2022-39246 Vulnerability in maven package org.matrix.android:matrix-android-sdk2
CVE-2022-25854 Vulnerability in npm package @yaireo/tagify
CVE-2022-28355 Vulnerability in maven package org.scala-js:scalajs-library_2.11
CVE-2020-11971 Vulnerability in maven package org.apache.camel:camel-api