CVE-2023-7332

Published: Dic 31, 2025 Last Modified: Gen 02, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,1
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A

Description

AI Translation Available

PocketMine-MP versions prior to 4.18.1 contain an improper input validation vulnerability in inventory transaction handling. A remote attacker with a valid player session can request that the server drop more items than are available in the player's hotbar, triggering a server crash and resulting in denial of service.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0022
Percentile
0,4th
Updated

EPSS Score Trend (Last 74 Days)

1284

Improper Validation of Specified Quantity in Input

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Other Integrity Availability
Potential Impacts:
Varies By Context Dos: Resource Consumption (Cpu) Modify Memory Read Memory
Applicable Platforms
All platforms may be affected
View CWE Details
https://github.com/pmmp/PocketMine-MP/blob/4.18.1/changelog…
https://github.com/pmmp/PocketMine-MP/blob/4.18.1/changelogs/4.18.md
https://github.com/pmmp/PocketMine-MP/commit/5897476
https://github.com/pmmp/PocketMine-MP/commit/5897476
https://github.com/pmmp/PocketMine-MP/security/advisories/G…
https://github.com/pmmp/PocketMine-MP/security/advisories/GHSA-h87r-f4vc-mchv
https://www.vulncheck.com/advisories/pocketmine-mp-improper…
https://www.vulncheck.com/advisories/pocketmine-mp-improper-validation-of-dropp…