CVE-2022-43045 Scene Manager dump function had a segmentation violation.

This was discovered during the audit of VRChat’s codebase as part of its ongoing commitment to quality assurance. In order to fix this issue, the offending line of code has been updated to handle the invalid data type in a more robust manner. As soon as we’re made aware of a new severity rating that affects stability, we’re committed to fixing it. In the meantime, we advise all those who were affected to update their PGPAC version.

VRChat Stabilization Progress on December 1, 2018

The severity rating listed in the CVE is 20, which is a high severity rating. The number indicates that the vulnerability could allow an application to crash or cause data loss. It also means that it’s possible for a hacker to exploit this vulnerability and gain control over your system. So, if you were affected by this issue and you have a PGPAC version lower than v1.12.0, you should update your PGPAC version as soon as you can.

We believe that any significant changes in our business model should be open to debate and discussion with the community’s opinion being sought prior to any decision being made. In addition, we want all members of our community to have access to the highest quality VR experiences, which necessitates the need for us to constantly improve our technology and infrastructure. Therefore, in order for us to be able to achieve these goals going forward, it will require more funding than what we are able to generate internally due to how much work must go into maintaining everything we currently offer on our platform.

When announcing "the launch of Patreon Tier 1 on December 1", VRChat was making an announcement about how Patreon would help them continue operating as they grow their service's infrastructure with new features and updates without needing too much financial support from their users (which would otherwise take up too much time). However, one of those features was a "Stabilization Progress" tab that showed the server health status while giving specific details

Timeline

Published on: 10/19/2022 14:15:00 UTC
Last modified on: 10/20/2022 20:30:00 UTC

References