Description
There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1471782
Related Vulnerabilities
CVE-2022-25876 Vulnerability in npm package link-preview-js
CVE-2020-28273 Vulnerability in npm package set-in
CVE-2020-8203 Vulnerability in npm package lodash
CVE-2022-24794 Vulnerability in npm package express-openid-connect
CVE-2023-36665 Vulnerability in maven package org.webjars.npm:github-com-protobufjs-protobuf-js