Lucene search

GoogleOSV:CVE-2024-42698

HistoryAug 28, 2024 - 4:15 p.m.

CVE-2024-42698

2024-08-2816:15:09

Google

osv.dev

roughly enough items

rei

minecraft

security

vulnerability

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

6.7

Confidence

High

JSON

Roughly Enough Items (REI) v.16.0.729 and before contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. The specific issue is a failure to validate slot index and decrement stack count in the Roughly Enough Items (REI) mod for Minecraft, which allows in-game item duplication.

References

gist.github.com/apple502j/7b1af0082449c9bfbf910e9a25ef3595

github.com/shedaniel/RoughlyEnoughItems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

6.7

Confidence

High

JSON

Related for OSV:CVE-2024-42698