Home > Vulnerability Database > CVE-2022-35978

Mend.io Vulnerability Database

CVE-2022-35978

Date: August 15, 2022

Minetest is a free open-source voxel game engine with easy modding and game creation. In single player, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua environment the menu runs in is not sandboxed and can directly interfere with the user's system. There are currently no known workarounds.

Language: C++

Severity Score

7.7

Related Resources (6)

Url: https://github.com/minetest/minetest/security/advisories/GHSA-663q-pcjw-27cc

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-35978

Url: https://dev.minetest.net/Changelog#5.5.0_.E2.86.92_5.6.0

Url: https://security-tracker.debian.org/tracker/CVE-2022-35978

Url: https://github.com/minetest/minetest/commit/da71e86633d0b27cd02d7aac9fdac625d141ca13

Url: https://www.mend.io/vulnerability-database/CVE-2022-35978

Severity Score

7.7

Weakness Type (CWE)

Protection Mechanism Failure

CWE-693

Insufficient Information

NVD-CWE-noinfo

CVSS v3.1

Base Score:	7.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	HIGH
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2022-35978

Date: August 15, 2022

Language: C++

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?