Bug 1474937 (CVE-2017-11554, CVE-2017-11555, CVE-2017-11556, CVE-2017-11605, CVE-2017-11608, CVE-2017-12962, CVE-2017-12963, CVE-2017-12964) - CVE-2017-11554 CVE-2017-11555 CVE-2017-11556 CVE-2017-11605 CVE-2017-11608 CVE-2017-12962 CVE-2017-12963 CVE-2017-12964 libsass: Multiple vulnerabilities
Summary: CVE-2017-11554 CVE-2017-11555 CVE-2017-11556 CVE-2017-11605 CVE-2017-11608 CV...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2017-11554, CVE-2017-11555, CVE-2017-11556, CVE-2017-11605, CVE-2017-11608, CVE-2017-12962, CVE-2017-12963, CVE-2017-12964
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1474938 1471780 1471782 1471786 1474019 1474276
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-07-25 16:13 UTC by Andrej Nemec
Modified: 2021-10-21 11:55 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-10-21 11:55:04 UTC
Embargoed:


Attachments (Terms of Use)

Description Andrej Nemec 2017-07-25 16:13:38 UTC
Multiple security issues were found in libsass.

CVE-2017-11554

There is a stack consumption vulnerability in the lex function in parser.hpp (as used in sassc) in LibSass 3.4.5. A crafted input will lead to a remote denial of service.

https://bugzilla.redhat.com/show_bug.cgi?id=1471780
https://github.com/sass/libsass/issues/2445

CVE-2017-11555

There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service.

https://bugzilla.redhat.com/show_bug.cgi?id=1471782

CVE-2017-11556

There is a stack consumption vulnerability in the Parser::advanceToNextToken function in parser.cpp in LibSass 3.4.5. A crafted input may lead to remote denial of service.

https://bugzilla.redhat.com/show_bug.cgi?id=1471786

CVE-2017-11605

There is a heap based buffer over-read in LibSass 3.4.5, related to address 0xb4803ea1. A crafted input will lead to a remote denial of service attack.

https://bugzilla.redhat.com/show_bug.cgi?id=1474019

Comment 1 Andrej Nemec 2017-07-25 16:15:00 UTC
Created libsass tracking bugs for this issue:

Affects: epel-7 [bug 1474938]

Comment 2 Andrej Nemec 2017-07-25 16:18:47 UTC
CVE-2017-11608

There is a heap-based buffer over-read in the Sass::Prelexer::re_linebreak function in lexer.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service attack.

https://bugzilla.redhat.com/show_bug.cgi?id=1474276

Comment 3 Andrej Nemec 2017-08-31 12:56:42 UTC
CVE-2017-12962

There are memory leaks in LibSass 3.4.5 triggered by deeply nested
code, such as code with a long sequence of open parenthesis characters,
leading to a remote denial of service attack.

https://bugzilla.redhat.com/show_bug.cgi?id=1482331

CVE-2017-12963

There is an illegal address access in Sass::Eval::operator() in
eval.cpp of LibSass 3.4.5, leading to a remote denial of service
attack. NOTE: this is similar to CVE-2017-11555 but remains exploitable
after the vendor's CVE-2017-11555 fix (available from GitHub after
2017-07-24).

https://bugzilla.redhat.com/show_bug.cgi?id=1482335

CVE-2017-12964

There is a stack consumption issue in LibSass 3.4.5 that is triggered
in the function Sass::Eval::operator() in eval.cpp. It will lead to a
remote denial of service attack.

https://bugzilla.redhat.com/show_bug.cgi?id=1482397


Note You need to log in before you can comment on or make changes to this bug.