Home > Vulnerability Database > CVE-2022-35978

Mend.io Vulnerability Database

CVE-2022-35978

Good to know:

Date: August 15, 2022

Minetest is a free open-source voxel game engine with easy modding and game creation. In **single player**, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua environment the menu runs in is not sandboxed and can directly interfere with the user's system. There are currently no known workarounds.

Language: C++

Severity Score

9.1

Related Resources (6)

Url: https://github.com/minetest/minetest/security/advisories/GHSA-663q-pcjw-27cc

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-35978

Url: https://dev.minetest.net/Changelog#5.5.0_.E2.86.92_5.6.0

Url: https://security-tracker.debian.org/tracker/CVE-2022-35978

Url: https://github.com/minetest/minetest/commit/da71e86633d0b27cd02d7aac9fdac625d141ca13

Url: https://www.mend.io/vulnerability-database/CVE-2022-35978

Severity Score

9.1

Weakness Type (CWE)

Protection Mechanism Failure

CWE-693

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version 5.6.0

Learn More

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-35978

Good to know:

Date: August 15, 2022

Language: C++

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?