ByteOS Network

NVD Vulnerability Details :

CVE-2022-24300

Analyzed

Source-cve@mitre.org

Published At-02 Feb, 2022 | 06:15

Updated At-08 Aug, 2023 | 14:22

Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

Type: Primary

Version: 3.1

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 7.5

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

minetest>>minetest>>Versions before 5.4.0(exclusive)

cpe:2.3:a:minetest:minetest:*:*:*:*:*:*:*:*

Debian GNU/Linux

>>debian_linux>>10.0

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Debian GNU/Linux

>>debian_linux>>11.0

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://bugs.debian.org/1004223	cve@mitre.org	Mailing List Patch Third Party Advisory
https://github.com/minetest/minetest/commit/b5956bde259faa240a81060ff4e598e25ad52dae	cve@mitre.org	Patch Third Party Advisory
https://github.com/minetest/minetest/security/advisories/GHSA-hwj2-xf72-r4cf	cve@mitre.org	Patch Third Party Advisory
https://www.debian.org/security/2022/dsa-5075	cve@mitre.org	Mailing List Third Party Advisory

Hyperlink: https://bugs.debian.org/1004223

Source: cve@mitre.org

Resource:

Mailing List

Patch

Third Party Advisory

Hyperlink: https://github.com/minetest/minetest/commit/b5956bde259faa240a81060ff4e598e25ad52dae

Source: cve@mitre.org

Resource:

Patch

Third Party Advisory

Hyperlink: https://github.com/minetest/minetest/security/advisories/GHSA-hwj2-xf72-r4cf

Source: cve@mitre.org

Resource:

Patch

Third Party Advisory

Hyperlink: https://www.debian.org/security/2022/dsa-5075

Source: cve@mitre.org

Resource:

Mailing List

Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History