{"id":"CVE-2022-43357","details":"Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2.","aliases":["BIT-sass-2022-43357"],"modified":"2026-07-08T06:04:15.990464358Z","published":"2023-08-22T00:00:00Z","related":["SUSE-SU-2023:4895-1","openSUSE-SU-2024:13516-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/43xxx/CVE-2022-43357.json","cna_assigner":"mitre"},"references":[{"type":"WEB","url":"https://drive.google.com/file/d/1aC5q3czen0atI91fuBIoCBFkS30_OSWX/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/43xxx/CVE-2022-43357.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43357"},{"type":"REPORT","url":"https://github.com/sass/libsass/issues/3177"},{"type":"PACKAGE","url":"https://github.com/sass/libsass"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sass/sassc","events":[{"introduced":"66f0ef37e7f0ad3a65d2f481eff09d09408f42d0"},{"last_affected":"66f0ef37e7f0ad3a65d2f481eff09d09408f42d0"}],"database_specific":{"extracted_events":[{"introduced":"3.6.2"},{"last_affected":"3.6.2"}],"cpe":"cpe:2.3:a:sass-lang:sassc:3.6.2:*:*:*:*:*:*:*","source":"CPE_STRING"}}],"versions":["3.6.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-43357.json"}}],"schema_version":"1.7.5"}