PT-2023-13581 · Admesh · Admesh
Francesco Benvenuto
·
Published
2023-04-03
·
Updated
2023-04-09
·
CVE-2022-38072
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
ADMesh versions 0.98.4 and Master Commit 767a105
Description
An improper array index validation issue exists in the
stl fix normal directions functionality, which can lead to a heap buffer overflow when a specially-crafted stl file is provided. This allows an attacker to trigger the issue by supplying a malicious file.Recommendations
For ADMesh version 0.98.4, update to a version that fixes the
stl fix normal directions functionality issue.
For ADMesh Master Commit 767a105, apply a patch or update that addresses the improper array index validation vulnerability in the stl fix normal directions functionality.
As a temporary workaround, consider restricting the use of the stl fix normal directions functionality until a patch is available.Exploit
Fix
Improper Validation of Array Index
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Admesh