CVE-2022-38072

Exploit

EPSS 0.09%
Veröffentlicht 03.04.2023 16:15:07
Zuletzt bearbeitet 21.11.2024 07:15:43
Quelle talos-cna@cisco.com
Teams Watchlist Login
Unerledigt Login

An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Admesh Project ≫ Admesh Version0.98.4

Admesh Project ≫ Admesh Version2022-11-18

Slic3r ≫ Libslic3r Versionb1a5500

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.257

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
talos-cna@cisco.com	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CWE-118 Incorrect Access of Indexable Resource ('Range Error')

The product does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memory or files.

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://github.com/admesh/admesh/commit/5fab257268a0ee6f832c18d72af89810a29fbd5f

Patch

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1594

Third Party Advisory

Exploit

Technical Description

https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1594

https://nvd.nist.gov/vuln/detail/CVE-2022-38072

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-38072

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-38072

EUVD