CVE-2022-35978

Minetest is a free open-source voxel game engine with easy modding and game creation. In **single player**, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua environment the menu runs in is not sandboxed and can directly interfere with the user's system. There are currently no known workarounds.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.7 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L
GitHub_MCNA
7.7 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
minetestminetest
𝑥
< 5.6.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
minetest
bullseye (security)
vulnerable
bullseye
no-dsa
buster
no-dsa
bookworm
5.6.1+dfsg+~1.9.0mt8+dfsg-2
fixed
sid
5.8.0+dfsg+~1.9.0mt13-2
fixed
trixie
5.8.0+dfsg+~1.9.0mt13-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
minetest
noble
needs-triage
mantic
ignored
lunar
ignored
kinetic
ignored
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
trusty
ignored
Common Weakness Enumeration
References
https://dev.minetest.net/Changelog#5.5.0_.E2.86.92_5.6.0
https://github.com/minetest/minetest/commit/da71e86633d0b27cd02d7aac9fdac625d141ca13
https://github.com/minetest/minetest/security/advisories/GHSA-663q-pcjw-27cc
https://dev.minetest.net/Changelog#5.5.0_.E2.86.92_5.6.0
https://github.com/minetest/minetest/commit/da71e86633d0b27cd02d7aac9fdac625d141ca13
https://github.com/minetest/minetest/security/advisories/GHSA-663q-pcjw-27cc