
680 matches found

SUSE CVE
added 2023/10/27 12:56 a.m. · 3 views

SUSE CVE-2023-46752

An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash...

CVSS 5.9 · AI score 7 · EPSS 0.00849
Exploits: 0 · References: 6
OSV
added 2023/10/26 5:15 a.m. · 4 views

AZL-34692 CVE-2023-46752 affecting package frr for versions less than 9.1-2

An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash...

CVSS 5.9 · AI score 7.2 · EPSS 0.00849
Exploits: 0 · References: 1
OSV
added 2023/10/26 5:15 a.m. · 2 views

DEBIAN-CVE-2023-46752

An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash...

CVSS 5.9 · AI score 7 · EPSS 0.00849
Exploits: 0 · References: 1
OSV
added 2023/10/26 5:15 a.m. · 10 views

AZL-31700 CVE-2023-46752 affecting package frr for versions less than 8.5.3-3

An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash...

CVSS 5.9 · AI score 7.2 · EPSS 0.00849
Exploits: 0 · References: 1
OSV
added 2023/10/26 5:15 a.m. · 3 views

UBUNTU-CVE-2023-46752

An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash...

CVSS 5.9 · AI score 7.2 · EPSS 0.00849
Exploits: 0 · References: 4
CNNVD
added 2023/10/26 12:00 a.m. · 2 views

FRRouting FRR Security Vulnerabilities

FRRouting FRR is a suite of software that implements and manages various IPv4 and IPv6 routing protocols. A security vulnerability exists in FRRouting FRR 9.0.1 and prior versions that stems from incorrect processing of malformed MP_REACH_NLRI data, which can cause a crash...

CVSS 5.9 · AI score 6.8 · EPSS 0.00849
Exploits: 0 · References: 4
The Hacker News
added 2023/09/23 6:12 a.m. · 73 views

New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware

The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called Predator targeting former Egyptian member of parliament Ahmed Eltantawy between May and September 2023. "The targeting took place...

CVSS 8.8 · AI score 8.5 · EPSS 0.37987
Exploits: 5
Github Security Blog
added 2023/09/14 5:10 p.m. · 36 views

PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (again)

Impact: An attacker could crash PocketMine-MP by sending malformed JSON in LoginPacket. This happened due to the particular handling of NULL types in the json mapper which accepts NULL type values in typed arrays which PocketMine-MP did not expect. Code processing arrays in the JSON data could the...

AI score 7.2
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2023/09/14 5:10 p.m. · 22 views

GHSA-79RC-JJH6-RC89 PocketMine-MP server crash due to incorrect EC curve used for LoginPacket identityPublicKey

Impact: The server uses ECDH to calculate a shared secret for the symmetric encryption key used to encrypt network packets after logging in. ECDH requires that the keys used must both belong to the same elliptic curve. In Minecraft: Bedrock Edition, the curve used is secp384r1. Using any other cur...

CVSS 7.5 · AI score 7.2
Exploits: 0 · References: 3
Positive Technologies
added 2023/09/14 12:00 a.m. · 5 views

PT-2023-33001 · Unknown · Pocketmine-Mp

Name of the Vulnerable Software and Affected Versions: PocketMine-MP versions prior to 4.23.1; PocketMine-MP versions prior to 5.3.1. Description: An attacker could crash PocketMine-MP by sending malformed JSON in the LoginPacket. This issue occurred due to the handling of NULL types in the json...

CVSS 7.5 · AI score 7.3
Exploits: 0 · References: 4
Veracode
added 2023/08/07 9:42 a.m. · 17 views

Denial Of Service (DoS)

pocketmine/pocketmine-mp is vulnerable to Denial of Service (DoS). The vulnerability exists in the netresearch/jsonmapper dependency due to improper mappings of JSON arrays and objects onto scalar model properties, which allows an attacker to send malformed JWT JSON in the LoginPacket causing...

AI score 6.8
Exploits: 0
Veracode
added 2023/08/07 9:26 a.m. · 12 views

Denial Of Service (DoS)

pocketmine/pocketmine-mp is vulnerable to Denial of Service (DoS). The vulnerability exists due to an improperly checked dropped item count, which allows players to request that the server drop more of an item than they had available in their hotbar, causing an application crash...

AI score 6.8
Exploits: 0
Veracode
added 2023/08/07 9:05 a.m. · 15 views

Denial Of Service (DoS)

pocketmine/pocketmine-mp is vulnerable to Denial of Service (DoS). The vulnerability exists due to missing rate limits, which allows an attacker to consume resources via a mismatched type of an InventoryTransactionPacket, which results in an application crash...

AI score 6.7
Exploits: 0
Github Security Blog
added 2023/07/14 9:50 p.m. · 92 views

PocketMine-MP vulnerable to server crash using badly formatted sign NBT in BlockActorDataPacket

Summary: A player sending a packet can cause the server to crash by providing incorrect sign data in NBT in BlockActorDataPacket. Details: This vulnerability was discovered using the BlockActorDataPacket, but other packets may also be affected. The player would seem to just need to send an NBT with...

AI score 6.7
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2023/07/14 9:50 p.m. · 18 views

GHSA-7WRV-6H42-W54F PocketMine-MP vulnerable to server crash using badly formatted sign NBT in BlockActorDataPacket

Summary: A player sending a packet can cause the server to crash by providing incorrect sign data in NBT in BlockActorDataPacket. Details: This vulnerability was discovered using the BlockActorDataPacket, but other packets may also be affected. The player would seem to just need to send an NBT with...

CVSS 7.5 · AI score 6.9
Exploits: 0 · References: 3
BDU FSTEC
added 2023/06/26 12:00 a.m. · 8 views

The vulnerability of the Packet Forwarding Engine (PFE) module in Juniper Networks’ Junos OS operating system in devices of the EX4300-MP, EX4600, and QFX5000 series allows a hacker to cause a service failure.

The vulnerability of the Packet Forwarding Engine (PFE) module in Juniper Networks’ Junos OS on EX4300-MP, EX4600, and QFX5000 devices is related to uncontrolled memory allocation. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

CVSS 6.5 · AI score 6.6 · EPSS 0.00305
Exploits: 0 · References: 5 · Affected Software: 1
Github Security Blog
added 2023/06/06 1:51 a.m. · 28 views

PocketMine-MP vulnerable to improperly checked dropped item count leading to server crash

Impact: In 4.18.0, the network handling of inventories was completely revamped. Due to this, a bug was introduced which allowed players to request that the server drop more of an item than they had available in their hotbar. This did not lead to any duplication issues, but instead led to a server...

CVSS 7.1 · AI score 6.9 · EPSS 0.0036
Exploits: 0 · References: 6 · Affected Software: 1
OSV
added 2023/06/06 1:51 a.m. · 13 views

GHSA-H87R-F4VC-MCHV PocketMine-MP vulnerable to improperly checked dropped item count leading to server crash

Impact: In 4.18.0, the network handling of inventories was completely revamped. Due to this, a bug was introduced which allowed players to request that the server drop more of an item than they had available in their hotbar. This did not lead to any duplication issues, but instead led to a server...

CVSS 7.5 · AI score 7.1 · EPSS 0.0036
Exploits: 0 · References: 6
Github Security Blog
added 2023/06/06 1:50 a.m. · 26 views

PocketMine-MP vulnerable to server crash with certain invalid JSON payloads in `LoginPacket` due to vulnerable dependency

Impact: An attacker could crash PocketMine-MP by sending malformed JSON in LoginPacket. This happened due to a bug in netresearch/jsonmapper. The library wasn't doing proper checks when mapping JSON arrays and objects onto scalar model properties such as strings. Patches: The problem was fixed in a...

AI score 7.1
Exploits: 0 · References: 5 · Affected Software: 1
OSV
added 2023/06/06 1:50 a.m. · 40 views

GHSA-PQP3-8RRW-G8VM PocketMine-MP vulnerable to server crash with certain invalid JSON payloads in `LoginPacket` due to vulnerable dependency

Impact: An attacker could crash PocketMine-MP by sending malformed JSON in LoginPacket. This happened due to a bug in netresearch/jsonmapper. The library wasn't doing proper checks when mapping JSON arrays and objects onto scalar model properties such as strings. Patches: The problem was fixed in a...

CVSS 7.5 · AI score 7.1
Exploits: 0 · References: 5