Main Vulnerability Database SB2018052608

SB2018052608 - Use-after-free in Sass LibSass

Published: May 26, 2018 Updated: January 5, 2024

Security Bulletin ID SB2018052608

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Use-after-free (CVE-ID: CVE-2018-11499)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in handle_error() function in sass_context.cpp in LibSass. A remote attacker can cause a denial of service (application crash) or possibly unspecified other impact.

Remediation

Install update from vendor's website.

References

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00051.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00027.html
https://github.com/sass/libsass/issues/2643