CVE-2024-42698

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-42698

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-42698.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-42698

Published

2024-08-28T16:15:09Z

Modified

2025-10-21T02:34:47Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

Roughly Enough Items (REI) v.16.0.729 and before contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. The specific issue is a failure to validate slot index and decrement stack count in the Roughly Enough Items (REI) mod for Minecraft, which allows in-game item duplication.

References

Affected packages

Git / github.com/shedaniel/roughlyenoughitems

Affected ranges

Type: GIT
Repo: https://github.com/shedaniel/roughlyenoughitems
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e80ca84f1affb91d2388ddb298bfc6b141828cad

Database specific

vanir_signatures

[
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "19590286002053980717722554483191131696",
                "22172974988951916477905514940744674684",
                "116715898566274656274092976874770745000",
                "332519441353655168012645213155549388766"
            ]
        },
        "target": {
            "file": "api/src/main/java/me/shedaniel/rei/api/common/transfer/info/clean/InputCleanHandler.java"
        },
        "source": "https://github.com/shedaniel/roughlyenoughitems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad",
        "id": "CVE-2024-42698-0f2ddf78",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "235290671412712942733563394685304104179",
                "55305120737490761525491496787044040807",
                "181995209897539629266814444648072519655"
            ]
        },
        "target": {
            "file": "api/src/main/java/me/shedaniel/rei/api/common/transfer/info/stack/VanillaSlotAccessor.java"
        },
        "source": "https://github.com/shedaniel/roughlyenoughitems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad",
        "id": "CVE-2024-42698-1809f18a",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "292003680786407146274549005523617392561",
                "314580155522821766503727750719382465592",
                "300020457769011387128321797830300876216",
                "45464211816532709821657986873496357386"
            ]
        },
        "target": {
            "file": "runtime/src/main/java/me/shedaniel/rei/impl/common/transfer/NewInputSlotCrafter.java"
        },
        "source": "https://github.com/shedaniel/roughlyenoughitems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad",
        "id": "CVE-2024-42698-2be990b4",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "323643158532443095406582343005472950363",
            "length": 362.0
        },
        "target": {
            "file": "runtime/src/main/java/me/shedaniel/rei/impl/common/transfer/NewInputSlotCrafter.java",
            "function": "cleanInputs"
        },
        "source": "https://github.com/shedaniel/roughlyenoughitems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad",
        "id": "CVE-2024-42698-587165bf",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "8845121579441980780731552239399338419",
                "156440199192694340804072367864184620405",
                "163850799276483442935018251198009623409",
                "93591308739411592163145723220744912462",
                "90827562006929369054198756509320945167",
                "215991203792504586471227043476477975272",
                "206405747539248133181554614763909010988",
                "228764926621070811715719659857180104213",
                "185025050674521931818850147467868331526",
                "247926054331038513277261433375715401956",
                "190011604507371461382357818590408120267",
                "246475418474521473066429328746060009460",
                "220884027888050459794073188008898298494",
                "1920261129045239175249700548067274359"
            ]
        },
        "target": {
            "file": "runtime/src/main/java/me/shedaniel/rei/impl/common/transfer/InputSlotCrafter.java"
        },
        "source": "https://github.com/shedaniel/roughlyenoughitems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad",
        "id": "CVE-2024-42698-6fba65f6",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "253426478248365089697471096563993135330",
                "328529235713551909328904348198784992660",
                "293459973467321167855046566889883131837"
            ]
        },
        "target": {
            "file": "api/src/main/java/me/shedaniel/rei/api/common/transfer/info/stack/SlotAccessor.java"
        },
        "source": "https://github.com/shedaniel/roughlyenoughitems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad",
        "id": "CVE-2024-42698-82da27f0",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "165776683507200117770288760030578833884",
            "length": 299.0
        },
        "target": {
            "file": "runtime/src/main/java/me/shedaniel/rei/impl/common/transfer/InputSlotCrafter.java",
            "function": "takeInventoryStack"
        },
        "source": "https://github.com/shedaniel/roughlyenoughitems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad",
        "id": "CVE-2024-42698-8322245c",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "121064150689119639977218420239288959723",
            "length": 438.0
        },
        "target": {
            "file": "runtime/src/main/java/me/shedaniel/rei/impl/common/transfer/InputSlotCrafter.java",
            "function": "fillInputSlot"
        },
        "source": "https://github.com/shedaniel/roughlyenoughitems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad",
        "id": "CVE-2024-42698-85d78889",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "250211651684776907859111153464831491649",
                "198324746867864688325923041590522651214",
                "184154731962592141873847241423228453058",
                "65528335832218222140338424739013828565"
            ]
        },
        "target": {
            "file": "api/src/main/java/me/shedaniel/rei/api/common/transfer/info/stack/ContainerSlotAccessor.java"
        },
        "source": "https://github.com/shedaniel/roughlyenoughitems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad",
        "id": "CVE-2024-42698-9e4ed103",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "313852989382192987343109301977274427777",
                "72635867817477391664219937218798665082",
                "241434281604119750689174046807056973160",
                "207170077363795818375763565352325493990"
            ]
        },
        "target": {
            "file": "api/src/main/java/me/shedaniel/rei/api/common/transfer/info/simple/DumpHandler.java"
        },
        "source": "https://github.com/shedaniel/roughlyenoughitems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad",
        "id": "CVE-2024-42698-9f946237",
        "deprecated": false,
        "signature_version": "v1"
    }
]