Vulnerability DatabaseCVE-2022-35978
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2022-35978
August 15, 2022
Minetest is a free open-source voxel game engine with easy modding and game creation. In single player, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua environment the menu runs in is not sandboxed and can directly interfere with the user's system. There are currently no known workarounds.
Additional Notes
The description of this vulnerability differs from MITRE.
Related ResourcesĀ (6)
https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/35xxx/CVE-2022-35978.json
https://nvd.nist.gov/vuln/detail/CVE-2022-35978
https://github.com/minetest/minetest/commit/da71e86633d0b27cd02d7aac9fdac625d141ca13
https://github.com/minetest/minetest/security/advisories/GHSA-663q-pcjw-27cc
https://security-tracker.debian.org/tracker/CVE-2022-35978
https://dev.minetest.net/Changelog#5.5.0_.E2.86.92_5.6.0
Do you need more information?
Contact Us
CVSS v4
Base Score:
7.2
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
HIGH
Vulnerable System Availability
LOW
Subsequent System Confidentiality
LOW
Subsequent System Integrity
HIGH
Subsequent System Availability
LOW
CVSS v3
Base Score:
7.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality
LOW
Integrity
HIGH
Availability
LOW
Weakness Type (CWE)
Protection Mechanism Failure
CWE-693
EPSS
Base Score:
14.52