CNNVD-202512-5503 Information
CNNVD ID
CNNVD-202512-5503
Related CVE
- CNNVD Published: 2025-12-31
Description (Chinese)
PocketMine-MP是PMMP开源的一个游戏服务器软件。 PocketMine-MP 4.18.1之前版本存在安全漏洞,该漏洞源于库存事务处理中输入验证不当,可能导致远程攻击者触发服务器崩溃并导致拒绝服务。
Description (English)
PocketMine-MP is a game server software that is an open source for PMMP. Prior to PocketMine-MP 4.18/1, there was a security loophole, which stemmed from inadequate input validation in the handling of inventory services, which could result in a remote attacker triggering a server crash and leading to a denial of service.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
PMMP
Published
2025-12-31
Last Modified
2026-02-24
References
https://github.com/pmmp/PocketMine-MP/blob/4.18.1/changelogs/4.18.md https://github.com/pmmp/PocketMine-MP/commit/5897476 https://github.com/pmmp/PocketMine-MP/security/advisories/GHSA-h87r-f4vc-mchv https://www.vulncheck.com/advisories/pocketmine-mp-improper-validation-of-dropped-item-count-allows-remote-server-crash
Patch
https://github.com/pmmp/PocketMine-MP/releases
Share on: