An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Weakness
The product does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memory or files.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Admesh | Admesh_project | 0.98.4 (including) | 0.98.4 (including) |
| Admesh | Admesh_project | 2022-11-18 (including) | 2022-11-18 (including) |
| Admesh | Ubuntu | bionic | * |
| Admesh | Ubuntu | esm-apps/bionic | * |
| Admesh | Ubuntu | esm-apps/focal | * |
| Admesh | Ubuntu | esm-apps/jammy | * |
| Admesh | Ubuntu | esm-apps/xenial | * |
| Admesh | Ubuntu | focal | * |
| Admesh | Ubuntu | jammy | * |
| Admesh | Ubuntu | kinetic | * |
| Admesh | Ubuntu | lunar | * |
| Admesh | Ubuntu | mantic | * |
| Admesh | Ubuntu | oracular | * |
| Admesh | Ubuntu | plucky | * |
| Admesh | Ubuntu | trusty | * |
| Admesh | Ubuntu | xenial | * |
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/10.html
- https://cwe.mitre.org/data/definitions/14.html
- https://cwe.mitre.org/data/definitions/24.html
- https://cwe.mitre.org/data/definitions/45.html
- https://cwe.mitre.org/data/definitions/46.html
- https://cwe.mitre.org/data/definitions/47.html
- https://cwe.mitre.org/data/definitions/8.html
- https://cwe.mitre.org/data/definitions/9.html
References
- https://github.com/admesh/admesh/commit/5fab257268a0ee6f832c18d72af89810a29fbd5f
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1594
- https://github.com/admesh/admesh/commit/5fab257268a0ee6f832c18d72af89810a29fbd5f
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1594
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1594