GHSA-XP4F-G2CM-RHG7 PocketMine-MP has LogDoS by many junk properties in client data JWT in LoginPacket

Impact Attackers can fill the body of the clientData JWT in LoginPacket with lots of junk properties, causing the server to flood warning messages, as well as wasting CPU time. This happens because the JsonMapper instance used to process the JWT body is configured to warn on unexpected properties...

GHSA-H6J3-J35F-V2X7 PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (3rd time)

Impact An attacker could crash PocketMine-MP by sending malformed JSON in LoginPacket. netresearch/jsonmapper allows objects to be hydrated from scalar types in JSON. However, due to the lack of validation in the code for this feature, it may output improperly initialized objects if applied to...

PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (3rd time)

Impact An attacker could crash PocketMine-MP by sending malformed JSON in LoginPacket. netresearch/jsonmapper allows objects to be hydrated from scalar types in JSON. However, due to the lack of validation in the code for this feature, it may output improperly initialized objects if applied to...

GHSA-92JH-GWCH-JQ38 PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (again)

Impact An attacker could crash PocketMine-MP by sending malformed JSON in LoginPacket. This happened due to the particular handling of NULL types in the json mapper which accepts NULL type values in typed arrays which PocketMine-MP did not expect. Code processing arrays in the JSON data could the...

PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (again)

Impact An attacker could crash PocketMine-MP by sending malformed JSON in LoginPacket. This happened due to the particular handling of NULL types in the json mapper which accepts NULL type values in typed arrays which PocketMine-MP did not expect. Code processing arrays in the JSON data could the...

GHSA-79RC-JJH6-RC89 PocketMine-MP server crash due to incorrect EC curve used for LoginPacket identityPublicKey

Impact The server uses ECDH to calculate a shared secret for the symmetric encryption key used to encrypt network packets after logging in. ECDH requires that the keys used must both belong to the same elliptic curve. In Minecraft: Bedrock Edition, the curve used is secp384r1. Using any other cur...

PocketMine-MP server crash due to incorrect EC curve used for LoginPacket identityPublicKey

Impact The server uses ECDH to calculate a shared secret for the symmetric encryption key used to encrypt network packets after logging in. ECDH requires that the keys used must both belong to the same elliptic curve. In Minecraft: Bedrock Edition, the curve used is secp384r1. Using any other cur...

PT-2023-33001 · Unknown · Pocketmine-Mp

Name of the Vulnerable Software and Affected Versions: PocketMine-MP versions prior to 4.23.1 PocketMine-MP versions prior to 5.3.1 Description: An attacker could crash PocketMine-MP by sending malformed JSON in the LoginPacket. This issue occurred due to the handling of NULL types in the json...

Denial Of Service (DoS)

pocketmine/pocketmine-mp is vulnerable to Denial Of Service DoS. The vulnerability exists in due to the netresearch/jsonmapper dependency due to improper mappings of JSON arrays and objects onto scalar model properties which allows an attacker to send malformed JWT JSON in the LoginPacket causing...

GHSA-PQP3-8RRW-G8VM PocketMine-MP vulnerable to server crash with certain invalid JSON payloads in `LoginPacket` due to vulnerable dependency

Impact An attacker could crash PocketMine-MP by sending malformed JSON in LoginPacket. This happened due to a bug in netresearch/jsonmapper. The library wasn't doing proper checks when mapping JSON arrays and objects onto scalar model properties such as strings. Patches The problem was fixed in a...

PocketMine-MP vulnerable to server crash with certain invalid JSON payloads in `LoginPacket` due to vulnerable dependency

Impact An attacker could crash PocketMine-MP by sending malformed JSON in LoginPacket. This happened due to a bug in netresearch/jsonmapper. The library wasn't doing proper checks when mapping JSON arrays and objects onto scalar model properties such as strings. Patches The problem was fixed in a...

PT-2023-33049 · Unknown · Netresearch/Jsonmapper +1

Name of the Vulnerable Software and Affected Versions: PocketMine-MP versions prior to 4.20.5 PocketMine-MP versions prior to 4.21.1 Description: An attacker could crash PocketMine-MP by sending malformed JSON in the LoginPacket. This issue occurred due to a bug in the netresearch/jsonmapper...

PocketMine-MP invalid skin geometry JSON data leading to server crash

Impact pocketmine\entity\Skin doesn't correctly handle errors produced by adhocore/json-comment, which throws RuntimeException rather than returning false as PocketMine-MP expects. This leads to a server crash if the skin geometry data is invalid for some reason e.g. a syntax error. Patches...

GHSA-8CWQ-4CMF-PX73 PocketMine-MP invalid skin geometry JSON data leading to server crash

Impact pocketmine\entity\Skin doesn't correctly handle errors produced by adhocore/json-comment, which throws RuntimeException rather than returning false as PocketMine-MP expects. This leads to a server crash if the skin geometry data is invalid for some reason e.g. a syntax error. Patches...

PT-2022-28217 · Unknown · Adhocore/Json-Comment +1

Name of the Vulnerable Software and Affected Versions: PocketMine-MP affected versions not specified Description: The issue arises from the pocketmineentitySkin component not handling errors correctly when parsing skin geometry data. Specifically, it expects false to be returned in case of an...

Buffer length underflow in LoginPacket causing unchecked exceptions to be thrown

Impact LoginPacket uses BinaryStream-getLInt to read the lengths of JSON payloads it wants to decode. Unfortunately, BinaryStream-getLInt returns a signed integer, meaning that a malicious client can craft a packet with a large uint32 value for payload buffer size which would be interpreted as a...

GHSA-5JFW-35XP-5M42 Buffer length underflow in LoginPacket causing unchecked exceptions to be thrown

Impact LoginPacket uses BinaryStream-getLInt to read the lengths of JSON payloads it wants to decode. Unfortunately, BinaryStream-getLInt returns a signed integer, meaning that a malicious client can craft a packet with a large uint32 value for payload buffer size which would be interpreted as a...

CVE-2021-39177

Summary: CVE-2021-39177 affects Geyser versions prior to 1.4.2-SNAPSHOT, where an attacker who can connect to a server can forge a LoginPacket with a manipulated JWT token to impersonate any user. The issue is mitigated by upgrading to 1.4.2-SNAPSHOT or later, which includes a patch. Other workar...