Bug 55683

Summary: уязвимость CVE-2022-43357
Product: Sisyphus Reporter: piter_turun <alannaaquamarine>
Component: libsassAssignee: Yuri N. Sedunov <aris>
Status: CLOSED FIXED QA Contact: qa-sisyphus
Severity: normal    
Priority: P5 CC: aris, cas
Version: unstable   
Hardware: x86_64   
OS: Linux   
URL: https://github.com/sass/libsass/issues/3177

Description piter_turun 2025-08-21 15:25:30 MSK 
Уязвимость CVE-2022-43357

Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2.
Comment 1 Yuri N. Sedunov 2025-08-22 10:29:13 MSK 
И чо?
Comment 2 Andrey Cherepanov 2025-08-22 14:32:30 MSK 
Исправлено в libsass 3.6.6.