CVE-2022-24300
First published: Sun Jan 23 2022(Updated: )
Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/minetest | 0.4.17.1+repack-1+deb10u1 5.3.0+repack-2.1+deb11u1 5.6.1+dfsg+~1.9.0mt8+dfsg-2 | |
| Minetest Minetest | <5.4.0 | |
| Debian Debian Linux | =10.0 | |
| Debian Debian Linux | =11.0 | |
| Debian | =10.0 | |
| Debian | =11.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/minetest/minetest/commit/b5956bde259faa240a81060ff4e598e25ad52dae
- https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3db1fe1ab2c140906022a463cf18046ebbdd8aca#922f24d99bcbb71f467600d4a765aa2ac5ee31f5_31_31
- https://security-tracker.debian.org/tracker/CVE-2022-24300
- https://security-tracker.debian.org/tracker/CVE-2022-24301
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004223
- https://bugs.debian.org/1004223
- https://github.com/minetest/minetest/security/advisories/GHSA-hwj2-xf72-r4cf
- https://www.debian.org/security/2022/dsa-5075
- https://github.com/minetest/minetest/security/advisories/GHSA-7q63-4fq2-hqcr
- https://github.com/minetest/minetest/commit/8d6a0b917ce1e7f4f1017835af0ca76e79c98c38
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-24300.
What is the title of the vulnerability?
The title of the vulnerability is 'Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack.'
What is the severity of CVE-2022-24300?
The severity of CVE-2022-24300 is critical with a CVSS score of 9.8.
How does CVE-2022-24300 affect Minetest?
CVE-2022-24300 affects Minetest versions before 5.4.0.
How does CVE-2022-24300 affect Debian Linux?
CVE-2022-24300 affects Debian Linux versions 10.0 and 11.0.
Is there a fix available for CVE-2022-24300 in Minetest?
Yes, the fix for CVE-2022-24300 is available in Minetest version 5.4.0.
Is there a fix available for CVE-2022-24300 in Debian Linux?
Yes, the fix for CVE-2022-24300 is available in Debian Linux versions 10.0 (0.4.17.1+repack-1+deb10u1) and 11.0 (5.3.0+repack-2.1+deb11u1).
Where can I find more information about CVE-2022-24300?
You can find more information about CVE-2022-24300 at the following references: [Link 1](https://bugs.debian.org/1004223), [Link 2](https://github.com/minetest/minetest/commit/b5956bde259faa240a81060ff4e598e25ad52dae), [Link 3](https://github.com/minetest/minetest/security/advisories/GHSA-hwj2-xf72-r4cf).
- collector/debian-bugs
- alias/CVE-2022-24300
- collector/security-tracker-debian
- collector/nvd-index
- agent/author
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- agent/severity
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- package-manager/debian
- vendor/minetest
- canonical/minetest minetest
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- version/debian debian linux/11.0
- canonical/debian
- version/debian/10.0
- version/debian/11.0