CVE-2022-35978
Last modified
CVE-2022-35978 is a critical-severity vulnerability rated 10/10 on the CVSS scale. Minetest is a free open-source voxel game engine with easy modding and game creation. In **single player**, a mod can set a global setting that controls the Lua script loaded to display the main menu. EPSS estimates a 2.20% chance of exploitation in the next 30 days.
Description
Minetest is a free open-source voxel game engine with easy modding and game creation. In **single player**, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua environment the menu runs in is not sandboxed and can directly interfere with the user's system. There are currently no known workarounds.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Minetest | Minetest | < 5.6.0 |
References
- https://dev.minetest.net/Changelog#5.5.0_.E2.86.92_5.6.0Release Notes, Vendor Advisory
- https://github.com/minetest/minetest/commit/da71e86633d0b27cd02d7aac9fdac625d141ca13Patch, Third Party Advisory
- https://github.com/minetest/minetest/security/advisories/GHSA-663q-pcjw-27ccThird Party Advisory
- https://dev.minetest.net/Changelog#5.5.0_.E2.86.92_5.6.0Release Notes, Vendor Advisory
- https://github.com/minetest/minetest/commit/da71e86633d0b27cd02d7aac9fdac625d141ca13Patch, Third Party Advisory
- https://github.com/minetest/minetest/security/advisories/GHSA-663q-pcjw-27ccThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-35978?
How severe is CVE-2022-35978?
How do I fix CVE-2022-35978?
Are you affected by CVE-2022-35978?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST