CVE-2022-35978

Minetest is a free open-source voxel game engine with easy modding and game creation. In single player, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua environment the menu runs in is not sandboxed and can directly interfere with the user's system. There are currently no known workarounds.

References

Affected packages

Debian:11 / minetest

Package

Name: minetest
Purl: pkg:deb/debian/minetest?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.3.0+repack-2.1

5.3.0+repack-2.1+deb11u1

5.4.1+repack-1

5.4.1+repack-2

5.5.0+dfsg+~1.9.0mt4+dfsg-1

5.5.0+dfsg+~1.9.0mt4+dfsg-2

5.6.0+dfsg+~1.9.0mt7+dfsg-1

5.6.0+dfsg+~1.9.0mt7+dfsg-2

5.6.0+dfsg+~1.9.0mt7+dfsg-3~exp1

5.6.0+dfsg+~1.9.0mt7+dfsg-3~exp2

5.6.0+dfsg+~1.9.0mt7+dfsg-3~exp3

5.6.0+dfsg+~1.9.0mt7+dfsg-3

5.6.1+dfsg+~1.9.0mt8+dfsg-1

5.6.1+dfsg+~1.9.0mt8+dfsg-2

5.6.1+dfsg+~1.9.0mt8+dfsg-3

5.6.1+dfsg+~1.9.0mt8+dfsg-4

5.8.0+dfsg+~1.9.0mt13-1~exp1

5.8.0+dfsg+~1.9.0mt13-1~exp2

5.8.0+dfsg+~1.9.0mt13-1

5.8.0+dfsg+~1.9.0mt13-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / minetest

Package

Name: minetest
Purl: pkg:deb/debian/minetest?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.5.0+dfsg+~1.9.0mt4+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/luanti-org/luanti

Affected ranges

Type: GIT
Repo: https://github.com/luanti-org/luanti
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

da71e86633d0b27cd02d7aac9fdac625d141ca13

Fixed

da71e86633d0b27cd02d7aac9fdac625d141ca13

Type: GIT
Repo: https://github.com/minetest/minetest
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

53dd648c96b899b706f30de656896713d7e8ff08

Affected versions

0.*

0.2.20110731_3

0.2.20110922

0.2.20110922_1

0.3.0

0.3.1

0.3.dev-20111021

0.4.0

0.4.1

0.4.10

0.4.11

0.4.13

0.4.14

0.4.15

0.4.16

0.4.2-rc1

0.4.3

0.4.4

0.4.5

0.4.6

0.4.7

0.4.7-MSVC

0.4.8

0.4.9

0.4.dev-20111201-0

0.4.dev-20111202-1

0.4.dev-20111203-1

0.4.dev-20111203-2

0.4.dev-20111203-3

0.4.dev-20111204-1

0.4.dev-20111209-1

0.4.dev-20120106-1

0.4.dev-20120122-1

0.4.dev-20120318

0.4.dev-20120320

0.4.dev-20120326

0.4.dev-20120408

0.4.dev-20120603

0.4.dev-20120606

5.*

5.0.0

5.1.0

5.2.0

5.3.0

5.4.0

5.5.0