CVE-2024-31446

Published: Apr 16, 2024

Modified: Aug 2, 2024

PUBLISHED

CVSS v3.1

7.7

HIGH

Description

OpenComputers is a Minecraft mod that adds programmable computers and robots to the game. A user can use OpenComputers to get a Computer thread stuck in the Lua VM, which eventually blocks the Server thread, requiring the server to be forcibly shut down. This can be accomplished using any device in the mod and can be performed by anyone who can execute Lua code on them. This occurs while using the native Lua library. LuaJ appears to not have this issue. This vulnerability is fixed in 1.8.4. The GregTech: New Horizons modpack uses its own modified version of OpenComputers. They have applied the relevant patch in version 1.10.10-GTNH.

Vendor	Product	Versions
MightyPirates	OpenComputers	affected `< 1.8.4`

Weaknesses (CWE)

CWE-770

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

High

References

https://github.com/MightyPirates/OpenComputers/security/advisories/GHSA-54j4-xpgj-cq4g

x_refsource_CONFIRM

https://github.com/MightyPirates/OpenComputers/commit/9d4f7ea297953c2fd8ccfd24fe549d5e9576400f

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-31446

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References