GHSA-FQQV-56H5-F57G PocketMine-MP `ResourcePackDataInfoPacket` amplification vulnerability due to lack of resource pack sequence status checking
Summary A denial-of-service / out-of-memory vulnerability exists in the STATUSSENDPACKS handling of ResourcePackClientResponsePacket. PocketMine-MP processes the packIds array without verifying that all entries are unique. A malicious non-standard Bedrock client can send multiple duplicate valid...