8 matches found
SUSE CVE-2022-24300
Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection...
Insufficient type validation in pocketmine/pocketmine-mp
Impact When an inventory interaction is performed e.g. moving an item around an inventory, the client sends a serialized version of the itemstack to the server, which the server then deserializes and compares against its own copy. If the copies don't match, the transaction is invalid. This involv...
GHSA-G5RR-P69H-7V3G Insufficient type validation in pocketmine/pocketmine-mp
Impact When an inventory interaction is performed e.g. moving an item around an inventory, the client sends a serialized version of the itemstack to the server, which the server then deserializes and compares against its own copy. If the copies don't match, the transaction is invalid. This involv...
GHSA-46C5-PFJ8-FV65 Improperly checked metadata on tools/armour itemstacks received from the client
Impact Due to a workaround applied in 1.13, an attacker may send a negative damage/meta value in a tool or armour item's NBT, which TypeConverter then blindly uses as if it was valid without being checked. When this invalid metadata value reaches Durable-setDamage, an exception is thrown because...
Injection Vulnerability
Minetest is vulnerable to injection vulnerability. An attacker is able to exploit the vulnerability by adding or modifying arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection...
CVE-2022-24300
Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection...
UBUNTU-CVE-2022-24300
Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection...
CVE-2022-24300
Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection...