CVE-2023-7332
Unknown
Unknown - Not Provided
Improper Input Validation in PocketMine-MP Causes DoS Crash
Publication date: 2025-12-31
Last updated on: 2025-12-31
Assigner: VulnCheck
Description
Description
PocketMine-MP versions prior to 4.18.1 contain an improper input validation vulnerability in inventory transaction handling. A remote attacker with a valid player session can request that the server drop more items than are available in the player's hotbar, triggering a server crash and resulting in denial of service.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pocketmine | pocketmine-mp | 4.18.1 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-1284 | The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in PocketMine-MP versions prior to 4.18.1 and involves improper input validation in inventory transaction handling. A remote attacker who has a valid player session can exploit this by requesting the server to drop more items than are actually available in the player's hotbar. This causes the server to crash.
How can this vulnerability impact me? :
The impact of this vulnerability is a denial of service condition. By exploiting it, an attacker can cause the server to crash, disrupting service availability for legitimate users.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70