CVE-2023-7332

PocketMine-MP versions prior to 4.18.1 contain an improper input validation vulnerability in inventory transaction handling. A remote attacker with a valid player session can request that the server drop more items than are available in the player's hotbar, triggering a server crash and resulting...

PT-2025-54457

Name of the Vulnerable Software and Affected Versions PocketMine-MP versions prior to 4.18.1 Description PocketMine-MP versions prior to 4.18.1 have an issue with how input is checked when handling inventory transactions. A remote attacker who has a valid player session can ask the server to drop...

GHSA-WQQV-JCFR-9F5G PocketMine-MP has improperly handled dye colour IDs in banner NBT, leading to server crash

Impact DyeColorIdMap-fromId did not account for the possibility that it might be given invalid input. This means that an undefined offset error would occur whenever this happened. This code is indirectly called during Banner-deserializeCompoundTag, which is invoked when deserializing any item NBT...

PT-2023-33069 · Unknown · Pocketmine-Mp

Name of the Vulnerable Software and Affected Versions: PocketMine-MP affected versions not specified Description: The issue arises from the DyeColorIdMap-fromId function not handling invalid input properly, leading to an undefined offset error. This function is indirectly called during the...