CVE-2022-35978

EUVD-2022-38805
Minetest is a free open-source voxel game engine with easy modding and game creation. In **single player**, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua environment the menu runs in is not sandboxed and can directly interfere with the user's system. There are currently no known workarounds.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.7 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L
GitHub_MCNA
7.7 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
minetestminetest
𝑥
< 5.6.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
minetest
bookworm
5.6.1+dfsg+~1.9.0mt8+dfsg-2
fixed
bullseye
no-dsa
bullseye (security)
vulnerable
buster
no-dsa
sid
5.8.0+dfsg+~1.9.0mt13-2
fixed
trixie
5.8.0+dfsg+~1.9.0mt13-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
minetest
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needs-triage
trusty
ignored
xenial
needs-triage
Common Weakness Enumeration
References
https://dev.minetest.net/Changelog#5.5.0_.E2.86.92_5.6.0
https://github.com/minetest/minetest/commit/da71e86633d0b27cd02d7aac9fdac625d141ca13
https://github.com/minetest/minetest/security/advisories/GHSA-663q-pcjw-27cc
https://dev.minetest.net/Changelog#5.5.0_.E2.86.92_5.6.0
https://github.com/minetest/minetest/commit/da71e86633d0b27cd02d7aac9fdac625d141ca13
https://github.com/minetest/minetest/security/advisories/GHSA-663q-pcjw-27cc