GHSA-fm35-jgg3-3grx

Source

https://github.com/advisories/GHSA-fm35-jgg3-3grx

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-fm35-jgg3-3grx/GHSA-fm35-jgg3-3grx.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-fm35-jgg3-3grx

Published

2022-03-18T17:54:38Z

Modified

2024-12-02T05:46:01.212304Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

NaN/INF in serverbound movement packets can crash clients and servers

Details

Impact

A malicious client may send a MovePlayerPacket to the server whose position or rotation contains NaN or INF. Since neither the server nor vanilla client handles this properly, a number of interesting side effects come into play.

The server may crash in various ways if this exploit is used, because some mathematical operations on NaN/INF generate PHP warnings, which are converted into exceptions.
Clients may not be able to see other clients who have a NaN/INF rotation.
Clients may also crash in such cases.

Patches

A patch for this was included in the 3.18.1 release: https://github.com/pmmp/PocketMine-MP/commit/fb20bb38327b4c08ee3976640cd0dd547388a638

Workarounds

Workarounds could be implemented as plugins using DataPacketReceiveEvent to block any inbound movement packets containing bogus values.

For more information

If you have any questions or comments about this advisory:

Open an issue in pmmp/PocketMine-MP
Email us at team@pmmp.io

Database specific

{
    "github_reviewed_at": "2021-05-21T18:18:08Z",
    "github_reviewed": true,
    "severity": "HIGH",
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-20"
    ]
}

References

https://github.com/pmmp/PocketMine-MP/security/advisories/GHSA-fm35-jgg3-3grx

Affected packages

Packagist / pocketmine/pocketmine-mp

Package

Name: pocketmine/pocketmine-mp
Purl: pkg:composer/pocketmine/pocketmine-mp

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.18.1

Affected versions

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

3.0.9

3.0.10

3.0.11

3.0.12

3.1.0

3.1.1

3.1.2

3.1.3

3.1.4

3.1.5

3.1.6

3.1.7

3.1.8

3.2.0

3.2.1

3.2.2

3.2.3

3.2.4

3.2.5

3.2.6

3.2.7

3.3.0

3.3.1

3.3.2

3.3.3

3.3.4

3.4.0

3.4.1

3.4.2

3.4.3

3.5.0

3.5.1

3.5.2

3.5.3

3.5.4

3.5.5

3.5.6

3.5.7

3.5.8

3.5.9

3.5.10

3.5.11

3.5.12

3.5.13

3.6.0

3.6.1

3.6.2

3.6.3

3.6.4

3.6.5

3.6.6

3.7.0

3.7.1

3.7.2

3.7.3

3.8.0

3.8.1

3.8.2

3.8.3

3.8.4

3.8.5

3.8.6

3.8.7

3.9.0

3.9.1

3.9.2

3.9.3

3.9.4

3.9.5

3.9.6

3.9.7

3.9.8

3.10.0

3.10.1

3.11.0

3.11.1

3.11.2

3.11.3

3.11.4

3.11.5

3.11.6

3.11.7

3.12.0

3.12.1

3.12.2

3.12.3

3.12.4

3.12.5

3.12.6

3.13.0

3.13.1

3.14.0

3.14.1

3.14.2

3.14.3

3.15.0

3.15.1

3.15.2

3.15.3

3.15.4

3.16.0

3.16.1

3.17.0

3.17.1

3.17.2

3.17.3

3.17.4

3.17.5

3.17.6

3.17.7

3.18.0

Database specific

last_known_affected_version_range

"<= 3.18.0"