CVE-2022-38072
HIGH8.8EPSS 0.60%ADMesh improper array index validation
發布日:2023/4/3修改日:2026/4/28
描述
An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
受影響套件(2)
- Debian/admeshfrom 0
- PyPI/admeshfrom 0, < 0.98.5
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
參考連結(6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-38072
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2022-38072
- PATCHhttps://github.com/admesh/python-admesh
- WEBhttps://github.com/admesh/admesh/commit/5fab257268a0ee6f832c18d72af89810a29fbd5f
- WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/admesh/PYSEC-2023-263.yaml
- WEBhttps://talosintelligence.com/vulnerability_reports/TALOS-2022-1594