CVE-2023-7332
- Source
- https://cve.org/CVERecord?id=CVE-2023-7332
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-7332.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-7332
- Aliases
- Published
- 2025-12-31T22:15:47.870Z
- Modified
- 2026-01-04T05:43:01.919234Z
- Severity
-
- 7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
- Summary
- [none]
- Details
-
PocketMine-MP versions prior to 4.18.1 contain an improper input validation vulnerability in inventory transaction handling. A remote attacker with a valid player session can request that the server drop more items than are available in the player's hotbar, triggering a server crash and resulting in denial of service.
- References
-
- https://github.com/pmmp/PocketMine-MP/blob/4.18.1/changelogs/4.18.md
- https://github.com/pmmp/PocketMine-MP/security/advisories/GHSA-h87r-f4vc-mchv
- https://www.vulncheck.com/advisories/pocketmine-mp-improper-validation-of-dropped-item-count-allows-remote-server-crash
- https://github.com/pmmp/PocketMine-MP/commit/5897476
Affected packages
Git / github.com/pmmp/pocketmine-mp
Affected versions
1.*
1.4
1.4-916
1.4.1
1.4.1dev-936
1.5dev
1.6.1dev-87
1.6.2dev-229
1.6.2dev-562
1.6.2dev-57
1.6dev
1.7dev-1001
1.7dev-27
1.7dev-318
1.7dev-501
1.7dev-516
1.7dev-677
1.7dev-698
1.7dev-703
1.7dev-717
1.7dev-743
1.7dev-83
1.7dev-937
1.7dev-999
3.*
3.0.0
3.0.1
3.0.10
3.0.11
3.0.12
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5
3.1.6
3.1.7
3.1.8
3.10.0
3.10.1
3.11.0
3.11.1
3.11.2
3.11.3
3.11.4
3.11.5
3.11.6
3.11.7
3.12.0
3.12.1
3.12.2
3.12.3
3.12.4
3.12.5
3.12.6
3.13.0
3.13.1
3.14.0
3.14.1
3.14.2
3.14.3
3.15.0
3.15.1
3.15.2
3.15.3
3.15.4
3.16.0
3.16.1
3.17.0
3.17.1
3.17.2
3.17.3
3.17.4
3.17.5
3.17.6
3.17.7
3.18.0
3.18.1
3.18.2
3.19.0
3.19.1
3.19.2
3.19.3
3.2.0
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5
3.2.6
3.2.7
3.20.0
3.21.0
3.21.1
3.22.0
3.22.1
3.22.2
3.22.3
3.22.4
3.22.5
3.23.0
3.23.1
3.24.0
3.25.0
3.25.1
3.25.2
3.25.3
3.25.4
3.25.5
3.25.6
3.26.0
3.26.1
3.26.2
3.26.3
3.26.4
3.26.5
3.27.0
3.3.0
3.3.1
3.3.2
3.3.3
3.3.4
3.4.0
3.4.1
3.4.2
3.4.3
3.5.0
3.5.1
3.5.10
3.5.11
3.5.12
3.5.13
3.5.2
3.5.3
3.5.4
3.5.5
3.5.6
3.5.7
3.5.8
3.5.9
3.6.0
3.6.1
3.6.2
3.6.3
3.6.4
3.6.5
3.6.6
3.7.0
3.7.1
3.7.2
3.7.3
3.8.0
3.8.1
3.8.2
3.8.3
3.8.4
3.8.5
3.8.6
3.8.7
3.9.0
3.9.1
3.9.2
3.9.3
3.9.4
3.9.5
3.9.6
3.9.7
3.9.8
4.*
4.0.0
4.0.0-BETA1
4.0.0-BETA10
4.0.0-BETA11
4.0.0-BETA12
4.0.0-BETA13
4.0.0-BETA14
4.0.0-BETA15
4.0.0-BETA2
4.0.0-BETA3
4.0.0-BETA4
4.0.0-BETA5
4.0.0-BETA6
4.0.0-BETA7
4.0.0-BETA8
4.0.0-BETA9
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.1.0
4.1.0-BETA1
4.1.0-BETA2
4.10.0
4.10.1
4.10.2
4.11.0
4.11.0-BETA1
4.11.0-BETA2
4.12.0
4.12.1
4.12.10
4.12.11
4.12.2
4.12.3
4.12.4
4.12.5
4.12.6
4.12.7
4.12.8
4.12.9
4.13.0
4.13.0-BETA1
4.14.0
4.14.1
4.15.0
4.15.1
4.15.2
4.15.3
4.16.0
4.16.0-BETA1
4.16.0-BETA2
4.17.0
4.17.1
4.18.0
4.18.0-ALPHA1
4.18.0-ALPHA2
4.2.0
4.2.1
4.2.10
4.2.2
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7
4.2.8
4.2.9
4.3.0
4.3.1
4.3.2
4.3.3
4.3.4
4.4.0
4.4.0-BETA1
4.4.1
4.4.2
4.5.0
4.5.1
4.5.2
4.6.0
4.6.1
4.6.2
4.7.0
4.7.1
4.7.2
4.7.3
4.8.0
4.8.1
4.9.0
4.9.1
Alpha_1.*
Alpha_1.0
Alpha_1.0.1
Alpha_1.0.2
Alpha_1.0.3
Alpha_1.0.4
Alpha_1.0.5
Alpha_1.0.6
Alpha_1.0.7
Alpha_1.0.8
Alpha_1.1
Alpha_1.1.1
Alpha_1.2
Alpha_1.2.1
Alpha_1.3
Alpha_1.3.1
Alpha_1.3.10
Alpha_1.3.11
Alpha_1.3.12
Alpha_1.3.2
Alpha_1.3.3
Alpha_1.3.4
Alpha_1.3.5
Alpha_1.3.7
Alpha_1.3.8
Alpha_1.3.9
Alpha_1.4dev-228
Alpha_1.4dev-277
Alpha_1.4dev-413
Alpha_1.4dev-449
Alpha_1.4dev-478
Alpha_1.4dev-491
Alpha_1.4dev-576
Alpha_1.4dev-599
Alpha_1.4dev-659
Alpha_1.4dev-665
Alpha_1.4dev-707
Alpha_1.4dev-822
Alpha_1.4dev-834
Alpha_1.4dev-842
Alpha_1.4dev-847
Alpha_1.4dev-855
Alpha_1.4dev-900
api/1.*
api/1.11.0
api/1.12.0
api/2.*
api/2.0.0
api/2.1.0
api/3.*
api/3.0.0-ALPHA1
api/3.0.0-ALPHA10
api/3.0.0-ALPHA11
api/3.0.0-ALPHA12
api/3.0.0-ALPHA2
api/3.0.0-ALPHA3
api/3.0.0-ALPHA4
api/3.0.0-ALPHA5
api/3.0.0-ALPHA6
api/3.0.0-ALPHA7
api/3.0.0-ALPHA8
api/3.0.0-ALPHA9
Other
before-fixed-wrong-paths
before-psr4
pocketmine-mp-rebrand