Heap-based Buffer Over-read in LibSass 3.5.5

Heap-based Buffer Over-read in LibSass 3.5.5

CVE-2019-6286 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:N/A:P

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693.

Learn more about our Web Application Penetration Testing UK.