MEDIUM · 6.5

CVE-2022-38072

Vulnerability Description

An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: LOW
Availability: LOW

Affected Products

Vendor | Product | Versions
Admesh Project | Admesh | 0.98.4
Slic3R | Libslic3R | b1a5500

Related Weaknesses (CWE)

References

FAQ

What is CVE-2022-38072?

CVE-2022-38072 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buff...

How severe is CVE-2022-38072?

CVE-2022-38072 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-38072?

Check the references section above for vendor advisories and patch information. Affected products include: Admesh Project Admesh, Slic3R Libslic3R.