CVE-2022-24300

9.8 CRITICAL

📋 TL;DR

CVE-2022-24300 is an ItemStack meta injection vulnerability in Minetest that allows attackers to modify arbitrary metadata fields of item stacks using saved user input. This affects all Minetest servers running versions before 5.4.0, potentially allowing attackers to execute arbitrary code or corrupt game data.

💻 Affected Systems

Products:
  • Minetest
Versions: All versions before 5.4.0
Operating Systems: All platforms running Minetest
Default Config Vulnerable: ⚠️ Yes
Notes: All Minetest servers with default configurations are vulnerable. Single-player mode may also be affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete server compromise, data corruption, or denial of service.

🟠 Likely Case

Game data manipulation, item duplication, or server crashes affecting gameplay integrity.

🟢 If Mitigated

Limited impact if proper input validation and sandboxing are implemented at the application layer.

🌐 Internet-Facing: HIGH - Minetest servers are typically internet-facing multiplayer game servers.
🏢 Internal Only: MEDIUM - Internal servers could still be exploited by malicious users or compromised clients.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction or malicious server content, but the vulnerability is straightforward to exploit once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.4.0 and later

Vendor Advisory: https://github.com/minetest/minetest/security/advisories/GHSA-hwj2-xf72-r4cf

Restart Required: Yes

Instructions:

1. Download Minetest 5.4.0 or later from official sources.
2. Stop the Minetest server.
3. Install the updated version.
4. Restart the server.

🔧 Temporary Workarounds

Input Validation Enhancement

all

Implement additional input validation for item metadata fields at the server level

Network Segmentation

all

Isolate Minetest servers from critical infrastructure using firewall rules

🧯 If You Can't Patch

  • Restrict server access to trusted users only
  • Disable mods and custom content that could be used as attack vectors

🔍 How to Verify

Check if Vulnerable:

Check Minetest version: if version is less than 5.4.0, the system is vulnerable.

Check Version:

minetest --version

Verify Fix Applied:

Verify Minetest version is 5.4.0 or higher and test item metadata functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unusual item metadata modifications
  • Server crashes related to item handling
  • Suspicious mod or script activity

Network Indicators:

  • Abnormal packet patterns to item-related endpoints
  • Unexpected metadata in network traffic

SIEM Query:

source="minetest.log" AND ("itemstack" OR "meta" OR "injection")
