Skip to main content

Uncontrolled Recursion

CVE-2018-20822

Severity Medium
Score 6.5/10

Summary

In libsass package versions through 3.6.0, allows attackers to cause a Denial-of-Service (uncontrolled recursion) in "Sass::Complex_Selector::perform" in "ast.hpp" and "Sass::Inspect::operator" in "inspect.cpp".

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • REQUIRED
  • NONE
  • NONE
  • HIGH

CWE-674 - Uncontrolled Recursion

The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.

Advisory Timeline

  • Published