Allocation of Resources Without Limits or Throttling in PocketMine-MP - #VU125416
Published: May 30, 2023 / Updated: May 20, 2026
PocketMine-MP
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper resource consumption control in InventoryTransactionPacket handling when processing mismatch inventory transactions. A remote attacker can send repeated mismatch-type InventoryTransactionPacket messages to cause a denial of service.
The issue can be abused as a bandwidth multiplier by triggering resynchronization of all currently open inventories.