CVE-2022-35978 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2022-35978 Interim 1 8 2025-02-22T00:54:13Z current 2022-08-16T23:34:36Z 2025-02-22T00:54:13Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2022-35978 Minetest is a free open-source voxel game engine with easy modding and game creation. In **single player**, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua environment the menu runs in is not sandboxed and can directly interfere with the user's system. There are currently no known workarounds. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6BEL53A6YRA752TFXGECQDT4XJ7UK6P5/ E-Mail link for openSUSE-SU-2023:0001-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Z3ZK4G6DNQFIACTL2C265VGZDQPXSRAZ/ E-Mail link for openSUSE-SU-2025:14825-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 15 SP3 SUSE Package Hub 15 SP4 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Tumbleweed luanti-5.11.0-1.1 luanti-data-5.11.0-1.1 luanti-lang-5.11.0-1.1 luantiserver-5.11.0-1.1 minetest-5.6.0-1.1 minetest-5.6.0-bp153.2.3.1 minetest-5.6.0-bp154.2.3.5 minetest-data-5.6.0-1.1 minetest-data-5.6.0-bp153.2.3.1 minetest-data-5.6.0-bp154.2.3.5 minetest-lang-5.6.0-1.1 minetest-lang-5.6.0-bp153.2.3.1 minetest-lang-5.6.0-bp154.2.3.5 minetestserver-5.6.0-1.1 minetestserver-5.6.0-bp153.2.3.1 minetestserver-5.6.0-bp154.2.3.5 minetest-5.6.0-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 minetest-data-5.6.0-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 minetest-lang-5.6.0-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 minetestserver-5.6.0-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 minetest-5.6.0-bp154.2.3.5 as a component of SUSE Package Hub 15 SP4 minetest-data-5.6.0-bp154.2.3.5 as a component of SUSE Package Hub 15 SP4 minetest-lang-5.6.0-bp154.2.3.5 as a component of SUSE Package Hub 15 SP4 minetestserver-5.6.0-bp154.2.3.5 as a component of SUSE Package Hub 15 SP4 minetest-5.6.0-bp153.2.3.1 as a component of openSUSE Leap 15.3 minetest-data-5.6.0-bp153.2.3.1 as a component of openSUSE Leap 15.3 minetest-lang-5.6.0-bp153.2.3.1 as a component of openSUSE Leap 15.3 minetestserver-5.6.0-bp153.2.3.1 as a component of openSUSE Leap 15.3 minetest-5.6.0-bp154.2.3.5 as a component of openSUSE Leap 15.4 minetest-data-5.6.0-bp154.2.3.5 as a component of openSUSE Leap 15.4 minetest-lang-5.6.0-bp154.2.3.5 as a component of openSUSE Leap 15.4 minetestserver-5.6.0-bp154.2.3.5 as a component of openSUSE Leap 15.4 luanti-5.11.0-1.1 as a component of openSUSE Tumbleweed luanti-data-5.11.0-1.1 as a component of openSUSE Tumbleweed luanti-lang-5.11.0-1.1 as a component of openSUSE Tumbleweed luantiserver-5.11.0-1.1 as a component of openSUSE Tumbleweed minetest-5.6.0-1.1 as a component of openSUSE Tumbleweed minetest-data-5.6.0-1.1 as a component of openSUSE Tumbleweed minetest-lang-5.6.0-1.1 as a component of openSUSE Tumbleweed minetestserver-5.6.0-1.1 as a component of openSUSE Tumbleweed Minetest is a free open-source voxel game engine with easy modding and game creation. In **single player**, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua environment the menu runs in is not sandboxed and can directly interfere with the user's system. There are currently no known workarounds. CVE-2022-35978 SUSE Package Hub 15 SP3:minetest-5.6.0-bp153.2.3.1 SUSE Package Hub 15 SP3:minetest-data-5.6.0-bp153.2.3.1 SUSE Package Hub 15 SP3:minetest-lang-5.6.0-bp153.2.3.1 SUSE Package Hub 15 SP3:minetestserver-5.6.0-bp153.2.3.1 SUSE Package Hub 15 SP4:minetest-5.6.0-bp154.2.3.5 SUSE Package Hub 15 SP4:minetest-data-5.6.0-bp154.2.3.5 SUSE Package Hub 15 SP4:minetest-lang-5.6.0-bp154.2.3.5 SUSE Package Hub 15 SP4:minetestserver-5.6.0-bp154.2.3.5 openSUSE Leap 15.3:minetest-5.6.0-bp153.2.3.1 openSUSE Leap 15.3:minetest-data-5.6.0-bp153.2.3.1 openSUSE Leap 15.3:minetest-lang-5.6.0-bp153.2.3.1 openSUSE Leap 15.3:minetestserver-5.6.0-bp153.2.3.1 openSUSE Leap 15.4:minetest-5.6.0-bp154.2.3.5 openSUSE Leap 15.4:minetest-data-5.6.0-bp154.2.3.5 openSUSE Leap 15.4:minetest-lang-5.6.0-bp154.2.3.5 openSUSE Leap 15.4:minetestserver-5.6.0-bp154.2.3.5 openSUSE Tumbleweed:luanti-5.11.0-1.1 openSUSE Tumbleweed:luanti-data-5.11.0-1.1 openSUSE Tumbleweed:luanti-lang-5.11.0-1.1 openSUSE Tumbleweed:luantiserver-5.11.0-1.1 openSUSE Tumbleweed:minetest-5.6.0-1.1 openSUSE Tumbleweed:minetest-data-5.6.0-1.1 openSUSE Tumbleweed:minetest-lang-5.6.0-1.1 openSUSE Tumbleweed:minetestserver-5.6.0-1.1 critical 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H