CVE-2022-24300
Debian Security Advisory 5075-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection.
Minetest versiones anteriores a 5.4.0, permite a atacantes añadir o modificar meta campos arbitrarios de la misma pila de ítems como entrada de usuario guardada, también se conoce como inyección de meta pila de ítems
Several vulnerabilities have been discovered in Minetest, a sandbox video game and game creation system. These issues may allow attackers to manipulate game mods and grant them an unfair advantage over other players. These flaws could also be abused for a denial of service attack against a Minetest server or if user input is passed directly to minetest.deserialize without serializing it first, then a malicious user could run Lua code in the server environment.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-02-02 CVE Reserved
- 2022-02-02 CVE Published
- 2024-08-03 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (4)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugs.debian.org/1004223 | 2023-08-08 | |
| https://github.com/minetest/minetest/commit/b5956bde259faa240a81060ff4e598e25ad52dae | 2023-08-08 | |
| https://github.com/minetest/minetest/security/advisories/GHSA-hwj2-xf72-r4cf | 2023-08-08 |
| URL | Date | SRC |
|---|---|---|
| https://www.debian.org/security/2022/dsa-5075 | 2023-08-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Minetest Search vendor "Minetest" | Minetest Search vendor "Minetest" for product "Minetest" | < 5.4.0 Search vendor "Minetest" for product "Minetest" and version " < 5.4.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
| ||||||