
CVE-2018-20822: AddressSanitizer: stack-overflow at Sass::Inspect::operator() (inspect.cpp:977) · Issue #2671 · sass/libsass

LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).


We found with our fuzzer some stack overflow errors at Sass::Inspect::operator() (inspect.cpp:977) (45f5087) when compiled with AddressSanitizer (using sassc as the driver).

=================================================================
==2828==ERROR: AddressSanitizer: stack-overflow on address 0x7ffd23974fd8 (pc 0x7f7c014511a4 bp 0x7ffd23975850 sp 0x7ffd23974fe0 T0)
    #0 0x7f7c014511a3 in __interceptor_strlen (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x701a3)
    #1 0x7f7bffced43b in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::compare(char const*) const (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x12143b)
    #2 0x7f7c010a3c86 in bool std::operator==<char, std::char_traits<char>, std::allocator<char> >(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, char const*) /usr/include/c++/5/bits/basic_string.h:4939
    #3 0x7f7c010a3c86 in Sass::Inspect::operator()(Sass::Wrapped_Selector*) /home/hongxu/FUZZ/libsass-orig/src/inspect.cpp:977
    #4 0x7f7c0109de50 in Sass::Inspect::operator()(Sass::Compound_Selector*) /home/hongxu/FUZZ/libsass-orig/src/inspect.cpp:996
    #5 0x7f7c010abed7 in Sass::Compound_Selector::perform(Sass::Operation<void>*) /home/hongxu/FUZZ/libsass-orig/src/ast.hpp:2742
    #6 0x7f7c010abed7 in Sass::Inspect::operator()(Sass::Complex_Selector*) /home/hongxu/FUZZ/libsass-orig/src/inspect.cpp:1023
    #7 0x7f7c010ac3f4 in Sass::Complex_Selector::perform(Sass::Operation<void>*) /home/hongxu/FUZZ/libsass-orig/src/ast.hpp:2907
    #8 0x7f7c010ac3f4 in Sass::Inspect::operator()(Sass::Complex_Selector*) /home/hongxu/FUZZ/libsass-orig/src/inspect.cpp:1061
...
    #447 0x7f7c010abed7 in Sass::Inspect::operator()(Sass::Complex_Selector*) /home/hongxu/FUZZ/libsass-orig/src/inspect.cpp:1023
    #448 0x7f7c010ac3f4 in Sass::Complex_Selector::perform(Sass::Operation<void>*) /home/hongxu/FUZZ/libsass-orig/src/ast.hpp:2907
    #449 0x7f7c010ac3f4 in Sass::Inspect::operator()(Sass::Complex_Selector*) /home/hongxu/FUZZ/libsass-orig/src/inspect.cpp:1061
    #450 0x7f7c010ae63b in Sass::Complex_Selector::perform(Sass::Operation<void>*) /home/hongxu/FUZZ/libsass-orig/src/ast.hpp:2907
    #451 0x7f7c010ae63b in Sass::Inspect::operator()(Sass::Selector_List*) /home/hongxu/FUZZ/libsass-orig/src/inspect.cpp:1098

SUMMARY: AddressSanitizer: stack-overflow ??:0 __interceptor_strlen
==2828==ABORTING
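
The trace above shows the selector printer recursing until the stack is exhausted. One common mitigation for this class of bug is an explicit nesting budget in the recursive visitor, sketched here as an added example (not LibSass code and not the project's fix; the Selector, Inspector, make_nested and rejected names, the ":not(" wrapper and the limit of 64 are assumptions for illustration):

```cpp
#include <cstddef>
#include <memory>
#include <stdexcept>
#include <string>
#include <utility>
// Hypothetical miniature selector node (not a LibSass type): a name plus an
// optional nested selector, printed here as name:not(inner).
struct Selector {
    std::string name;
    std::unique_ptr<Selector> inner;
};

// Printer with an explicit nesting budget. Without the depth check the
// recursion is bounded only by the stack, so hostile nesting ends in a crash.
class Inspector {
public:
    explicit Inspector(std::size_t max_depth) : max_depth_(max_depth) {}
    std::string inspect(const Selector& s) const {
        std::string out;
        visit(s, 0, out);
        return out;
    }
private:
    void visit(const Selector& s, std::size_t depth, std::string& out) const {
        if (depth > max_depth_)
            throw std::length_error("selector nesting exceeds limit");
        out += s.name;
        if (s.inner) {
            out += ":not(";
            visit(*s.inner, depth + 1, out);
            out += ")";
        }
    }
    std::size_t max_depth_;
};

// Constructed input: "a" wrapped in `levels` layers of nesting.
std::unique_ptr<Selector> make_nested(std::size_t levels) {
    std::unique_ptr<Selector> node(new Selector{"a", nullptr});
    for (std::size_t i = 0; i < levels; ++i) {
        std::unique_ptr<Selector> outer(new Selector{"a", std::move(node)});
        node = std::move(outer);
    }
    return node;
}
bool rejected(std::size_t levels, std::size_t limit) {  // true if guard fired
    try { Inspector(limit).inspect(*make_nested(levels)); return false; }
    catch (const std::length_error&) { return true; }
}
int main() { return rejected(1000, 64) && !rejected(10, 64) ? 0 : 1; }
```

The guard turns deep nesting into an exception the caller can report as a compile error; the limit should be chosen well below the depth at which the smallest supported stack would overflow.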
