Improper input validation in PocketMine-MP - #VU125409
Published: May 22, 2022 / Updated: April 8, 2026
Vulnerability identifier: #VU125409
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
PocketMine-MP
PocketMine-MP
Software vendor:
PMMP
PMMP
Description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper input validation in chat message processing when handling large chat messages containing many newline characters. A remote attacker can send a specially crafted chat packet to cause a denial of service.
The issue is triggered because incoming chat message blobs are split on newline characters and the total message length is not checked before parsing.
Remediation
Install security update from vendor's website.