-
Notifications
You must be signed in to change notification settings - Fork 464
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
A stack-overflow src/ast_selectors.cpp:557 in Sass::CompoundSelector::has_real_parent_ref() const #3177
Comments
Since this is now a CVE, is there any chance to have it addressed? |
Any ETA on patch? |
I was looking into fixing this issue but since both the code is new to me and I don't know too much about sass it is not so easy :) The above provided backtrace isn't much helpful either since it only shows the recursive calling of When running the POC, which is
So I looked into the mentioned functions, specifically
The readme also states @mgreter @xzyfer : Does one of you maybe have some spare time to help us figure this out? That would be great! 🙏 |
I may have a fix at https://github.com/mgreter/libsass/tree/bugfix/x-mas-2023 (please test it), but that may be the last fix I will do for LibSass. As I never was part or had any say in the development of Sass, and also no longer working in fronted, this is merely a bugfix out of good will. You will need to move to dart sass, as that is the future, as the people involved in Sass put it. |
Addressed via #3184 |
Thanks a lot @mgreter ! |
This CVE is fixed in current libsass recipe version. So wrapper around it will also not show this problem. It's usual usecase is to be statically linked with libsass which is probably the reason why this is listed as vulnerable component. [1] links [2] as issue tracker which points to [3] as fix. [4] as base repository for the recipe is not involved and files from [3] are not present in this repository. [1] https://nvd.nist.gov/vuln/detail/CVE-2022-43357 [2] sass/libsass#3177 [3] sass/libsass#3184 [4] https://github.com/sass/sassc/ Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
This CVE is fixed in current libsass recipe version. So wrapper around it will also not show this problem. It's usual usecase is to be statically linked with libsass which is probably the reason why this is listed as vulnerable component. [1] links [2] as issue tracker which points to [3] as fix. [4] as base repository for the recipe is not involved and files from [3] are not present in this repository. [1] https://nvd.nist.gov/vuln/detail/CVE-2022-43357 [2] sass/libsass#3177 [3] sass/libsass#3184 [4] https://github.com/sass/sassc/ Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
This CVE is fixed in current libsass recipe version. So wrapper around it will also not show this problem. It's usual usecase is to be statically linked with libsass which is probably the reason why this is listed as vulnerable component. [1] links [2] as issue tracker which points to [3] as fix. [4] as base repository for the recipe is not involved and files from [3] are not present in this repository. [1] https://nvd.nist.gov/vuln/detail/CVE-2022-43357 [2] sass/libsass#3177 [3] sass/libsass#3184 [4] https://github.com/sass/sassc/ Signed-off-by: Peter Marko <peter.markosiemens.com> Signed-off-by: Khem Raj <raj.khemgmail.com>
This CVE is fixed in current libsass recipe version. So wrapper around it will also not show this problem. It's usual usecase is to be statically linked with libsass which is probably the reason why this is listed as vulnerable component. [1] links [2] as issue tracker which points to [3] as fix. [4] as base repository for the recipe is not involved and files from [3] are not present in this repository. [1] https://nvd.nist.gov/vuln/detail/CVE-2022-43357 [2] sass/libsass#3177 [3] sass/libsass#3184 [4] https://github.com/sass/sassc/ Signed-off-by: Peter Marko <peter.markosiemens.com> Signed-off-by: Khem Raj <raj.khemgmail.com>
1. Description
A stack-overflow has occurred in
Sass::CompoundSelector::has_real_parent_ref()
ofsrc/ast_selectors.cpp:557
when running program./sassc/bin/sassc
, this can reproduce on the lattest commit.2. Software version info
3. System version info
4. Command
5. Result
6. Impact
This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution.
7. POC
Download: poc2
Report of the Information Security Laboratory of Ocean University of China @OUC_ISLOUC @OUC_Blue_Whale
The text was updated successfully, but these errors were encountered: