CVE-2022-43357

Stack overflow vulnerability in astselectors.cpp in function Sass::CompoundSelector::hasrealparentref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/43xxx/CVE-2022-43357.json",
    "cna_assigner": "mitre"
}

References

Affected packages

Git / github.com/sass/sassc

Affected ranges

Type

GIT

Repo

https://github.com/sass/sassc

Events

Introduced

Last affected

66f0ef37e7f0ad3a65d2f481eff09d09408f42d0

Database specific

{
    "cpe": "cpe:2.3:a:sass-lang:sassc:3.6.2:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.6.2"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

3.*

3.0.2

3.1.0

3.2.0

3.2.0-beta.2

3.2.0-beta.5

3.2.0-beta.6

3.2.1

3.2.2

3.2.3

3.2.4

3.2.5

3.3.0

3.3.0-beta1

3.3.0-beta2

3.3.0-beta3

3.3.1

3.3.2

3.3.3

3.3.4

3.3.5

3.3.6

3.4.0

3.4.1

3.4.2

3.4.5

3.4.7

3.4.8

3.5.0

3.6.0

3.6.1

3.6.2

v1.*

v1.0.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-43357.json"