CVE-2022-2832

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-2832
A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://developer.blender.org/D15463 Patch Vendor Advisory
https://developer.blender.org/T99706 Exploit Patch Vendor Advisory
https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c Patch Vendor Advisory
https://developer.blender.org/D15463 Patch Vendor Advisory
https://developer.blender.org/T99706 Exploit Patch Vendor Advisory
https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c Patch Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:blender:blender:3.3.0:alpha:*:*:*:*:*:*
History

21 Nov 2024, 07:01

Type Values Removed Values Added
References () https://developer.blender.org/D15463 - Patch, Vendor Advisory () https://developer.blender.org/D15463 - Patch, Vendor Advisory
References () https://developer.blender.org/T99706 - Exploit, Patch, Vendor Advisory () https://developer.blender.org/T99706 - Exploit, Patch, Vendor Advisory
References () https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c - Patch, Vendor Advisory () https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c - Patch, Vendor Advisory

01 Sep 2022, 21:15

Type Values Removed Values Added
Summary When rendering with headless builds, show an error instead of crashing. Previously GPU_backend_init was called indirectly from DRW_opengl_context_create, a new function is now called from the window manager (GPU_backend_init_once), so it's possible to check if the GPU has a back-end. This also disables the bgl Python module when building WITH_HEADLESS. A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity.

18 Aug 2022, 18:23

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
References (MISC) https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c - (MISC) https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c - Patch, Vendor Advisory
References (MISC) https://developer.blender.org/T99706 - (MISC) https://developer.blender.org/T99706 - Exploit, Patch, Vendor Advisory
References (MISC) https://developer.blender.org/D15463 - (MISC) https://developer.blender.org/D15463 - Patch, Vendor Advisory
CPE cpe:2.3:a:blender:blender:3.3.0:alpha:*:*:*:*:*:*
CWE CWE-476

16 Aug 2022, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-08-16 21:15

Updated : 2024-11-21 07:01

NVD link : CVE-2022-2832

Mitre link : CVE-2022-2832

CVE.ORG link : CVE-2022-2832

JSON object : View

Products Affected

blender

  • blender
CWE
CWE-395

Use of NullPointerException Catch to Detect NULL Pointer Dereference

CWE-476

NULL Pointer Dereference