PYSEC-2023-263

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/admesh/PYSEC-2023-263.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2023-263
Aliases
Withdrawn
2024-11-22T04:37:03Z
Published
2023-04-03T16:15:00Z
Modified
2026-06-10T17:00:07.507494768Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An improper array index validation vulnerability exists in the stlfixnormal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

References

Affected packages

PyPI / admesh

Package

Affected ranges

Type
GIT
Repo
https://github.com/admesh/admesh
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

v0.*
v0.95
v0.97.3
v0.97.4
v0.97.5
v0.98.0alpha
v0.98.0beta
v0.98.0rc1
v0.98.0
v0.98.1
v0.98.2
0.*
0.96
0.98a1
0.98
0.98.1
0.98.2
0.98.3
0.98.4
0.98.5
0.98.6
0.98.7
0.98.8
0.98.9

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/admesh/PYSEC-2023-263.yaml"