50 matches found
GHSA-7WRV-6H42-W54F PocketMine-MP vulnerable to server crash using badly formatted sign NBT in BlockActorDataPacket
Summary: A player sending a packet can cause the server to crash by providing incorrect sign data in NBT in BlockActorDataPacket. Details: This vulnerability was discovered using the BlockActorDataPacket, but other packets may also be affected. The player would seem to just need to send an NBT with...
PocketMine-MP vulnerable to server crash using badly formatted sign NBT in BlockActorDataPacket
Summary: A player sending a packet can cause the server to crash by providing incorrect sign data in NBT in BlockActorDataPacket. Details: This vulnerability was discovered using the BlockActorDataPacket, but other packets may also be affected. The player would seem to just need to send an NBT with...
SUSE CVE-2020-14303
A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A Samba user could send an empty UDP packet to cause the Samba server to crash...
GHSA-WQQV-JCFR-9F5G PocketMine-MP has improperly handled dye colour IDs in banner NBT, leading to server crash
Impact: DyeColorIdMap->fromId did not account for the possibility that it might be given invalid input. This means that an undefined offset error would occur whenever this happened. This code is indirectly called during Banner->deserializeCompoundTag, which is invoked when deserializing any item NBT...
PocketMine-MP has improperly handled dye colour IDs in banner NBT, leading to server crash
Impact: DyeColorIdMap->fromId did not account for the possibility that it might be given invalid input. This means that an undefined offset error would occur whenever this happened. This code is indirectly called during Banner->deserializeCompoundTag, which is invoked when deserializing any item NBT...
GHSA-FQX3-R75H-VC89 Improperly checked IDs on itemstacks received from the client leading to server crash in PocketMine-MP
Impact: Due to a workaround for unmapped network items implemented in 4.0.0-BETA5 8ac16345a3bc099b62c1f5cfbf3b736e621c3f76, arbitrary item IDs are able to be written into an item's NBT. The intended purpose of this is to make said unmapped network items able to be moved around the inventory withou...
Improperly checked IDs on itemstacks received from the client leading to server crash in PocketMine-MP
Impact: Due to a workaround for unmapped network items implemented in 4.0.0-BETA5 8ac16345a3bc099b62c1f5cfbf3b736e621c3f76, arbitrary item IDs are able to be written into an item's NBT. The intended purpose of this is to make said unmapped network items able to be moved around the inventory withou...
Insufficient type validation in pocketmine/pocketmine-mp
Impact: When an inventory interaction is performed, e.g. moving an item around an inventory, the client sends a serialized version of the itemstack to the server, which the server then deserializes and compares against its own copy. If the copies don't match, the transaction is invalid. This involv...
GHSA-G5RR-P69H-7V3G Insufficient type validation in pocketmine/pocketmine-mp
Impact: When an inventory interaction is performed, e.g. moving an item around an inventory, the client sends a serialized version of the itemstack to the server, which the server then deserializes and compares against its own copy. If the copies don't match, the transaction is invalid. This involv...
Improperly checked metadata on tools/armour itemstacks received from the client
Impact: Due to a workaround applied in 1.13, an attacker may send a negative damage/meta value in a tool or armour item's NBT, which TypeConverter then blindly uses as if it was valid without being checked. When this invalid metadata value reaches Durable->setDamage, an exception is thrown because...
Uncapped length of skin data fields submitted by players
Impact: Some skin data fields, e.g. skinID, geometryName, are not capped in length. These fields are typically saved in the NBT data of a player when the player quits the server, or during an autosave. This is problematic due to the 32767 byte limit on TAG_Strings. If any of these fields exceeds 3276...
Book page text, count, and author/title length is not limited in PocketMine-MP
Impact: Players can fill book pages with as many characters as they like; the server does not check this. In addition, the maximum of 50 pages is also not enforced, meaning that players can create "book bombs". This causes a variety of problems: - Oversized NBT on the wire costing excess bandwidth...
GHSA-P62J-HRXM-XCXF Book page text, count, and author/title length is not limited in PocketMine-MP
Impact: Players can fill book pages with as many characters as they like; the server does not check this. In addition, the maximum of 50 pages is also not enforced, meaning that players can create "book bombs". This causes a variety of problems: - Oversized NBT on the wire costing excess bandwidth...
EulerOS Virtualization 3.0.2.2 : samba (EulerOS-SA-2021-2168)
According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - A flaw was found in the way Samba handled file and directory permissions. An authenticated user could use this flaw to gain access...
SUSE: Security Advisory (SUSE-SU-2020:2066-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2020:2036-1)
The remote host is missing an update for the...
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2021-1625)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 2.9.1 : samba (EulerOS-SA-2021-1625)
According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - A flaw was found in Samba's DNS server. An authenticated user could use this flaw to cause the RPC server to crash. This RPC server, whi...
EulerOS 2.0 SP2 : samba (EulerOS-SA-2020-2396)
According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controlle...
EulerOS 2.0 SP5 : samba (EulerOS-SA-2020-2270)
According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A use-after-free flaw was found in all Samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in an AD DC configuration. A...