3 matches found
Denial of Service (DoS)
pocketmine/raklib is vulnerable to Denial of Service (DoS). The vulnerability is caused by missing validation of an upper bound on the number of messages/packets that can be stored inside the reliable-ordered queue until the data in the queue is ordered. A malicious client can exploit above...
pocketmine/raklib reliable-ordered queue size is unlimited, allowing a session to hog server memory
Impact A client can send reliable-ordered packets 0, 2, 3, 4, 5 ... etc, and all the packets 2 and up will stay in the reliable-ordered queue until 1 arrives. A malicious client can exploit this to waste all available server memory by simply never sending the missing packet. Since the server...
GHSA-W98G-5FMX-WM4X pocketmine/raklib reliable-ordered queue size is unlimited, allowing a session to hog server memory
Impact A client can send reliable-ordered packets 0, 2, 3, 4, 5 ... etc, and all the packets 2 and up will stay in the reliable-ordered queue until 1 arrives. A malicious client can exploit this to waste all available server memory by simply never sending the missing packet. Since the server...