GHSA-H6RJ-3M53-887H PocketMine-MP: LogDoS by large complex unknown property logging in clientData in LoginPacket

Impact Attackers can put large and/or complex structures as a value to an unknown property in the clientData JWT body in the Minecraft LoginPacket, causing the server to generate very long log messages. Additionally, the property name is logged without any length limitations or sanitization, whic...

PT-2023-8683 · Libqb +8 · Libqb +8

Name of the Vulnerable Software and Affected Versions: libqb versions prior to 2.0.8 Description: The issue is related to a buffer overflow in the log blackbox.c component of the libqb library. This occurs due to the lack of input size validation when copying data, allowing an attacker to...