In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted Sass input files with stray & or / characters. NOTE: Upstream comments indicate this issue is closed as "won't fix" and works as intended by design.

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Libsass | Sass-lang | 3.5.5 (including) | 3.5.5 (including) |
Libsass | Ubuntu | cosmic | * |