Bug 55683 - CVE-2022-43357 vulnerability
Summary: CVE-2022-43357 vulnerability
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: libsass
Version: unstable
Hardware: x86_64 Linux
: P5 normal
Assignee: Yuri N. Sedunov
QA Contact: qa-sisyphus
URL: https://github.com/sass/libsass/issue...
Keywords:
Depends on:
Blocks:
 
Reported: 2025-08-21 15:25 MSK by piter_turun
Modified: 2025-08-22 14:32 MSK
Description piter_turun 2025-08-21 15:25:30 MSK
Vulnerability CVE-2022-43357

Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2.
Comment 1 Yuri N. Sedunov 2025-08-22 10:29:13 MSK
So what?
Comment 2 Andrey Cherepanov 2025-08-22 14:32:30 MSK
Fixed in libsass 3.6.6.