GHSA-xc7j-wj36-qjfr: PocketMine-MP BookEditPacket crash when inventory slot in the packet is invalid
Summary
If a client sends a BookEditPacket with InventorySlot greater than 35, the server will crash due to an unhandled exception thrown by BaseInventory->getItem().
Details
PoC
Using Gophertunnel, use serverConn.WritePacket(&packet.BookEdit{InventorySlot: 36})
Impact
Server crash, all servers
Patched versions
This issue was fixed by 47f011966092f275cc1b11f8de635e89fd9651a7, and the fix was released in 5.11.2.
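The general shape of a bounds check for this kind of bug, as an added example that is not PocketMine-MP code and not the referenced commit: a handler that validates the client-supplied slot before calling getItem(). DemoInventory, its 36-slot size, slotExists() and both handler functions are hypothetical stand-ins, and the lower-bound check goes beyond the case the advisory describes.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a 36-slot player inventory (valid slots 0-35).
// As the advisory says of BaseInventory->getItem(), getItem() throws on a bad slot.
final class DemoInventory {
    /** @var string[] */
    private array $slots;

    public function __construct(private int $size = 36) {
        $this->slots = array_fill(0, $size, 'air');
        $this->slots[0] = 'writable_book'; // constructed sample content
    }

    public function slotExists(int $slot): bool {
        return $slot >= 0 && $slot < $this->size;
    }

    public function getItem(int $slot): string {
        if (!$this->slotExists($slot)) {
            throw new InvalidArgumentException("Slot $slot does not exist");
        }
        return $this->slots[$slot];
    }
}

// Before: the client-supplied slot goes straight to getItem(), so the exception
// propagates out of the packet handler.
function handleBookEditUnchecked(DemoInventory $inv, int $slot): string {
    return $inv->getItem($slot) === 'writable_book' ? 'edited' : 'not_a_book';
}

// After: validate the slot first and drop the packet instead of throwing.
function handleBookEditChecked(DemoInventory $inv, int $slot): string {
    if (!$inv->slotExists($slot)) {
        return 'bad_slot';
    }
    return $inv->getItem($slot) === 'writable_book' ? 'edited' : 'not_a_book';
}

$inv = new DemoInventory();
foreach ([0, 35, 36] as $slot) { // 36 is the first out-of-range value
    try {
        $before = handleBookEditUnchecked($inv, $slot);
    } catch (InvalidArgumentException $e) {
        $before = 'exception: ' . $e->getMessage();
    }
    printf("slot %2d  before=%-38s after=%s\n", $slot, $before, handleBookEditChecked($inv, $slot));
}
```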
References
- github.com/advisories/GHSA-xc7j-wj36-qjfr
- github.com/pmmp/PocketMine-MP
- github.com/pmmp/PocketMine-MP/blob/b744e09352a714d89220719ab6948a010ac636fc/src/network/mcpe/handler/InGamePacketHandler.php
- github.com/pmmp/PocketMine-MP/commit/47f011966092f275cc1b11f8de635e89fd9651a7
- github.com/pmmp/PocketMine-MP/security/advisories/GHSA-xc7j-wj36-qjfr