GHSA-FQQV-56H5-F57G PocketMine-MP `ResourcePackDataInfoPacket` amplification vulnerability due to lack of resource pack sequence status checking
Summary: A denial-of-service / out-of-memory vulnerability exists in the `STATUS_SEND_PACKS` handling of `ResourcePackClientResponsePacket`. PocketMine-MP processes the `packIds` array without verifying that all entries are unique. A malicious non-standard Bedrock client can send multiple duplicate valid...
PT-2024-20252 · Unknown · Devan-Kerman Arrp
Name of the Vulnerable Software and Affected Versions: Devan-Kerman ARRP versions 0.8.1 and before
Description: The issue allows a remote attacker to execute arbitrary code via the dumpDirect in RuntimeResourcePackImpl component. This enables the attacker to potentially access and manipulate file...
PT-2024-19562 · Unknown · Kihron Serverrpexposer
Name of the Vulnerable Software and Affected Versions: Kihron ServerRPExposer versions 1.0.2 and before
Description: A Directory Traversal issue allows a remote attacker to execute arbitrary code via the loadServerPack in ServerResourcePackProviderMixin.java. This enables the attacker to...