CVE-2022-24300

CRITICAL

Minetest < 5.4.0 - ItemStack Meta Injection

Title source: llm
STIX 2.1

Description

Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection.

References (4)

Core 4
Core References
Mailing List, Patch, Third Party Advisory x_refsource_misc
https://bugs.debian.org/1004223
Mailing List, Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2022/dsa-5075

Scores

CVSS v3 9.8
EPSS 0.0166
EPSS Percentile 74.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (3)
debian/debian_linux 10.0
debian/debian_linux 11.0
minetest/minetest < 5.4.0
Published Feb 02, 2022
Tracked Since Feb 18, 2026