CVE-2022-38072: Range Error in Project Admesh

Severity: 8.8 HIGH (NVD)
EPSS: 0.6% (top 30.66%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 3

Description

An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (7 packages)

debian | debian/admesh | < admesh 0.98.5-1 (forky)
PyPI | admesh_project/admesh | < 0.98.5
Debian | admesh_project/admesh | < 0.98.5-1 +1
CVEListV5 | admesh/admesh | Master Commit 767a105, v0.98.4 +1
NVD | admesh_project/admesh | 0.98.4, 2022-11-18 +1

Patches

🔴 Vulnerability Details (3)

GHSA: ADMesh improper array index validation (2023-04-03)
OSV: ADMesh improper array index validation (2023-04-03)
OSV: CVE-2022-38072: An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0 (2023-04-03)

📋 Vendor Advisories (1)

Debian: CVE-2022-38072: admesh - An improper array index validation vulnerability exists in the stl_fix_normal_di... (2022)

🕵️ Threat Intelligence (2)

Talos: Vulnerability Spotlight: Buffer overflow vulnerability in ADMesh library (2023-04-03)
Talos: Vulnerability Spotlight: Buffer overflow vulnerability in ADMesh library (2023-04-03)