CVE-2022-23884
CVE-2022-23884 affects Mojang Bedrock Dedicated Server 1.18.2. The issue is an integer overflow in the packet deserializer, specifically PurchaseReceiptPacket::_read, which allows a bound check bypass. Impact is described as high/critical depending on the metric (CVSS2: 7.5 (HIGH), CVSS3.1: 9.8 (...