Vulnerability CVE-2022-0497: Information

Description

A vulnerbiility was found in Openscad, where a .scad file with no trailing newline could cause an out-of-bounds read during parsing of annotations.

Severity: HIGH (7.1) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-0497
Published: Aug. 29, 2022
Modified: Sept. 1, 2022
Error type identifier: CWE-125

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
openscadsisyphus2021.01-alt42021.01-alt4.1ALT-PU-2022-2118-1302365Fixed
openscadsisyphus_e2k2021.01-alt4.12021.01-alt4.1ALT-PU-2023-3297-1-Fixed
openscadp102021.01-alt42021.01-alt4ALT-PU-2022-2134-1302498Fixed
openscadp10_e2k2021.01-alt4.12021.01-alt4.1ALT-PU-2023-3282-1-Fixed
openscadc10f12021.01-alt42021.01-alt4ALT-PU-2022-2134-1302498Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2050699
  • Issue Tracking
  • Third Party Advisory
https://github.com/openscad/openscad/issues/4043
  • Exploit
  • Issue Tracking
  • Patch
  • Third Party Advisory
https://github.com/openscad/openscad/pull/4044
  • Patch
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:openscad:openscad:*:*:*:*:*:*:*:*
      End excliding
      2022-01-09
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.0
Back to top