CVE-2023-35925 FastAsyncWorldEdit vulnerable to Uncontrolled Resource Consumption

2023-06-2315:07:03

CWE-400

GitHub_M

www.cve.org

fastasyncworldedit vulnerability uncontrolled resource consumption

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

5.1%

JSON

FastAsyncWorldEdit (FAWE) is designed for efficient world editing. This vulnerability enables the attacker to select a region with the Infinity keyword (case-sensitive!) and executes any operation. This has a possibility of bringing the performing server down. This issue has been fixed in version 2.6.3.

CNA Affected

[
  {
    "vendor": "IntellectualSites",
    "product": "FastAsyncWorldEdit",
    "versions": [
      {
        "version": "< 2.6.3",
        "status": "affected"
      }
    ]
  }
]