Primary

Context

PocketMine-MP Improper Input Validation in Inventory Handling Leading to Server Crash

Vulnerability

A denial-of-service vulnerability has been identified in PocketMine-MP versions prior to 4.18.1. The issue arises from improper input validation in inventory transaction management. A remote attacker with a valid player session can exploit this vulnerability by requesting the server to drop more items than are available in the player's hotbar. This exploitation triggers a server crash, causing a denial-of-service condition.

Impact

Exploitation of this vulnerability leads to a server crash, causing a denial-of-service condition.

Remediation

Users can update to PocketMine-MP version 4.18.1 or later to address this vulnerability.

Added: Dec 31, 2025, 10:22 PM

Updated: Dec 31, 2025, 10:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.9

remediation

7.7

relevance

1.8

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.9

remediation

7.7

relevance

1.8

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PocketMine-MP Improper Input Validation in Inventory Handling Leading to Server Crash

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating