CVE-2023-7332
📋 TL;DR
A remote attacker who holds a valid player session can crash a PocketMine-MP server by sending a crafted inventory transaction. The server does not properly validate the item count in a drop request, so a modified client can ask to drop more items than the hotbar slot actually holds, and the server crashes instead of rejecting the request. All PocketMine-MP versions before 4.18.1 are affected.
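The flaw described above is a classic case of trusting a client-supplied quantity. The following Python model is an added example and is not PocketMine-MP code: the names HotbarSlot, handle_drop_unchecked and handle_drop_validated are hypothetical, and the "crash" is modelled as an unhandled internal invariant failure rather than the server's real crash path, which the advisory does not detail. It contrasts the vulnerable pattern (mutate first, trust the count) with the hardened one (check the count against server-side state and reject on mismatch).

```python
"""Added example, not PocketMine-MP code: a simplified model of validating a
client-supplied dropped-item count.  HotbarSlot, handle_drop_unchecked and
handle_drop_validated are hypothetical names; the real server's packet
handling and crash path are not reproduced here."""
from dataclasses import dataclass


class ServerCrash(RuntimeError):
    """Models an unhandled internal error that takes the whole server down."""


class RejectedTransaction(Exception):
    """Models the server refusing a transaction while staying up."""


@dataclass
class HotbarSlot:
    item: str
    count: int  # server-side truth for how many items the slot holds

    def take(self, n: int) -> None:
        # Internal invariant: a slot can never hold a negative count.  In the
        # vulnerable model this is what turns a bad client request into an
        # unhandled error, i.e. a crash, because nothing checked n earlier.
        if self.count - n < 0:
            raise ServerCrash(f"slot count went negative ({self.count} - {n})")
        self.count -= n


def handle_drop_unchecked(slot: HotbarSlot, requested: int) -> int:
    """Vulnerable pattern: trust the client-supplied drop count."""
    slot.take(requested)
    return requested


def handle_drop_validated(slot: HotbarSlot, requested: int) -> int:
    """Hardened pattern: validate the client's count against server state
    before mutating anything, and reject (not crash) on mismatch."""
    if requested < 1 or requested > slot.count:
        raise RejectedTransaction(
            f"client asked to drop {requested}, slot holds {slot.count}"
        )
    slot.take(requested)
    return requested


def simulate(handler, held: int, requested: int) -> str:
    """Run one drop request through a handler and label the outcome."""
    slot = HotbarSlot("minecraft:diamond", held)  # constructed sample slot
    try:
        handler(slot, requested)
        return f"dropped {requested}, {slot.count} left"
    except RejectedTransaction:
        return "rejected"
    except ServerCrash:
        return "crashed"


if __name__ == "__main__":
    for held, requested in ((5, 3), (5, 5), (5, 64), (0, 1)):
        print(f"held={held} requested={requested}: "
              f"unchecked -> {simulate(handle_drop_unchecked, held, requested)}, "
              f"validated -> {simulate(handle_drop_validated, held, requested)}")
```

The point of the hardened handler is that the check happens before any state changes and that a failed check is an ordinary rejection of one player's transaction, never an assertion or exception that propagates into the server's main loop.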
💻 Affected Systems
- PocketMine-MP
⚠️ Manual Verification Required
The NVD entry for this CVE carries no version ranges, so automated detection that relies on NVD version data cannot determine whether your server is affected.
The vendor advisory (GHSA-h87r-f4vc-mchv) does identify the fixed release, 4.18.1, so compare your running version against it manually (see How to Verify below).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete server denial of service with repeated crashes, disrupting gameplay for all connected players and potentially causing data corruption if crashes occur during critical operations.
Likely Case
Server crashes resulting in temporary denial of service, requiring manual restart and causing gameplay disruption for all connected players.
If Mitigated
Minimal impact with proper patching; servers remain stable with normal gameplay functionality.
🎯 Exploit Status
Exploitation requires a valid player session, so the attacker must first be able to join the server; once joined, triggering the crash from a modified client is trivial. Public proof-of-concept material is said to exist in the advisory references.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.18.1
Vendor Advisory: https://github.com/pmmp/PocketMine-MP/security/advisories/GHSA-h87r-f4vc-mchv
Restart Required: Yes
Instructions:
1. Stop the PocketMine-MP server.
2. Update to version 4.18.1 or later using the official update method (replace the server's PocketMine-MP.phar with the release build).
3. Start the server again and confirm the version printed in the startup log.
🔧 Temporary Workarounds
Session Rate Limiting
Implement rate limiting on inventory transactions per session to reduce the impact of repeated exploitation attempts. Note that a single malformed request is enough to crash the server, so rate limiting reduces how often an attacker can repeat the attack but does not prevent it.
Network Segmentation
Restrict server access to trusted players only, through whitelisting or a VPN requirement, since the attack requires a player session.
🧯 If You Can't Patch
- Implement strict player whitelisting to limit potential attackers
- Monitor server logs for abnormal inventory transaction patterns and ban suspicious players
🔍 How to Verify
Check if Vulnerable:
Vulnerable if the running PocketMine-MP version is below 4.18.1.
Check Version:
Check the version printed in the server startup log, run the version command in the server console, or start the server with the --version flag.
Verify Fix Applied:
Confirm PocketMine-MP version is 4.18.1 or higher after update.
📡 Detection & Monitoring
Log Indicators:
- Server crash logs mentioning inventory transactions
- Abnormal disconnection patterns
- Error messages related to item dropping or inventory handling
Network Indicators:
- Unusually frequent inventory transaction packets from single players
- Pattern of server crashes following specific player actions
SIEM Query:
Search server logs for 'crash' AND ('inventory' OR 'transaction' OR 'drop'); the parentheses matter, because an unbracketed OR would match every line mentioning 'transaction'.
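To turn the indicators above into something that runs, here is an added example of a small log scanner (not part of the original advisory or of PocketMine-MP). It flags players who burst inventory transactions and lists which players were active in the seconds before a crash line. The log lines are constructed samples that imitate PocketMine-MP's console format; the exact wording of real messages, especially the per-player transaction line, is an assumption, so adapt the regular expressions to your own logs.

```python
"""Added example (not from the advisory or PocketMine-MP): apply the log
indicators to server log lines.  SAMPLE_LOG is constructed and the message
wording it uses is an assumption about the real log format."""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample: "Steve" floods inventory transactions and the server
# crashes shortly after; "Alex" performs one ordinary transaction.
SAMPLE_LOG = """\
[10:00:01.000] [Server thread/INFO]: Steve joined the game
[10:00:01.500] [Server thread/INFO]: Alex joined the game
[10:00:02.100] [Server thread/DEBUG]: Steve: Unhandled inventory transaction (drop 64 items)
[10:00:02.150] [Server thread/DEBUG]: Steve: Unhandled inventory transaction (drop 64 items)
[10:00:02.200] [Server thread/DEBUG]: Steve: Unhandled inventory transaction (drop 64 items)
[10:00:02.250] [Server thread/DEBUG]: Steve: Unhandled inventory transaction (drop 64 items)
[10:00:02.300] [Server thread/DEBUG]: Steve: Unhandled inventory transaction (drop 64 items)
[10:00:02.350] [Server thread/DEBUG]: Steve: Unhandled inventory transaction (drop 64 items)
[10:00:03.000] [Server thread/DEBUG]: Alex: Unhandled inventory transaction (move 1 item)
[10:00:03.100] [Server thread/CRITICAL]: An unrecoverable error has occurred and the server has crashed. Creating a crash dump
"""

LINE_RE = re.compile(
    r"^\[(?P<time>\d{2}:\d{2}:\d{2}\.\d{3})\] \[[^\]]*/(?P<level>\w+)\]: (?P<msg>.*)$"
)
# A message attributed to a player that mentions inventory/transaction/drop.
TXN_RE = re.compile(r"^(?P<player>\w+): .*\b(inventory|transaction|drop)\b", re.I)
CRASH_RE = re.compile(r"server has crashed|crash dump", re.I)


def parse(log_text):
    """Return (timestamp, level, message) tuples for lines that match the format."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            t = datetime.strptime(m["time"], "%H:%M:%S.%f")
            events.append((t, m["level"], m["msg"]))
    return events


def find_bursts(events, window=1.0, threshold=5):
    """Players with >= threshold inventory transactions inside any window (seconds)."""
    times = defaultdict(list)
    for t, _level, msg in events:
        m = TXN_RE.match(msg)
        if m:
            times[m["player"]].append(t)
    bursts = {}
    for player, ts in times.items():
        ts.sort()
        peak, start = 0, 0
        for end in range(len(ts)):  # sliding window over sorted timestamps
            while (ts[end] - ts[start]).total_seconds() > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            bursts[player] = peak
    return bursts


def crash_suspects(events, lookback=5.0):
    """For each crash line, count per-player transactions in the preceding seconds."""
    out = []
    for i, (t, _level, msg) in enumerate(events):
        if not CRASH_RE.search(msg):
            continue
        players = Counter()
        for pt, _plevel, pmsg in events[:i]:
            if (t - pt).total_seconds() <= lookback:
                m = TXN_RE.match(pmsg)
                if m:
                    players[m["player"]] += 1
        out.append((t.strftime("%H:%M:%S.%f")[:-3], dict(players)))
    return out


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("bursts:", find_bursts(evs))
    for when, who in crash_suspects(evs):
        print(f"crash at {when}, transactions in lookback window: {who}")
```

Burst detection alone produces false positives from legitimate fast inventory use, so the crash correlation is the stronger signal: a player who appears in the lookback window of several crashes is a good candidate for the ban recommended above.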
🔗 References
- https://github.com/pmmp/PocketMine-MP/blob/4.18.1/changelogs/4.18.md
- https://github.com/pmmp/PocketMine-MP/commit/5897476
- https://github.com/pmmp/PocketMine-MP/security/advisories/GHSA-h87r-f4vc-mchv
- https://www.vulncheck.com/advisories/pocketmine-mp-improper-validation-of-dropped-item-count-allows-remote-server-crash