Description
There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1471782
Related Vulnerabilities
CVE-2012-0392 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2022-25929 Vulnerability in npm package smoothie
CVE-2020-14966 Vulnerability in maven package org.webjars.npm:jsrsasign
CVE-2020-26302 Vulnerability in npm package is_js
CVE-2022-24196 Vulnerability in maven package com.itextpdf:itext7-core