A flaw was found in LibSaas 3.5-stable, there is an illegal address access at Sass::Parser::parse_css_variable_value_token that will lead to a DoS attack. References: https://bugzilla.redhat.com/show_bug.cgi?id=1643758
Created libsass tracking bugs for this issue: Affects: epel-7 [bug 1652072] Affects: fedora-all [bug 1652071]
Possibly introduced via https://github.com/sass/libsass/commit/efd97dae376de50b3e6ed724337c4f274a21491d