CVE-2022-0497

Name

CVE-2022-0497

Description

A vulnerbiility was found in Openscad, where a .scad file with no trailing newline could cause an out-of-bounds read during parsing of annotations.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

Exploits

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
MISC	https://bugzilla.redhat.com/show_bug.cgi?id=2050699
MISC	https://github.com/openscad/openscad/issues/4043
MISC	https://github.com/openscad/openscad/pull/4044

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:openscad:openscad::::::::`	openscad	>= None	< 2022-01-09

Source package	Branch	Version	Maintainer	Status
openscad	edge-community	2021.01-r19	Marian Buschsieweke <marian.buschsieweke@posteo.net>	fixed
openscad	edge-community	2021.01-r18	Marian Buschsieweke <marian.buschsieweke@posteo.net>	fixed
openscad	edge-community	2021.01-r17	Marian Buschsieweke <marian.buschsieweke@posteo.net>	fixed
openscad	edge-community	2021.01-r16	Marian Buschsieweke <marian.buschsieweke@posteo.net>	fixed
openscad	edge-community	2021.01-r15	Marian Buschsieweke <marian.buschsieweke@posteo.net>	fixed
openscad	edge-community	2021.01-r14	Marian Buschsieweke <marian.buschsieweke@ovgu.de>	fixed
openscad	edge-community	2021.01-r13	Marian Buschsieweke <marian.buschsieweke@ovgu.de>	fixed
openscad	edge-community	2021.01-r2	None	fixed
openscad	3.23-community	2021.01-r18	Marian Buschsieweke <marian.buschsieweke@posteo.net>	fixed
openscad	3.22-community	2021.01-r16	Marian Buschsieweke <marian.buschsieweke@posteo.net>	fixed
openscad	3.22-community	2021.01-r15	Marian Buschsieweke <marian.buschsieweke@posteo.net>	fixed
openscad	3.22-community	2021.01-r2	None	fixed
openscad	3.21-community	2021.01-r2	None	fixed
openscad	3.20-community	2021.01-r14	Marian Buschsieweke <marian.buschsieweke@ovgu.de>	fixed
openscad	3.20-community	2021.01-r2	None	fixed