GHSA-W98G-5FMX-WM4X
Vulnerability from github – Published: 2023-11-15 18:42 – Updated: 2023-11-15 18:42
VLAI
Summary
pocketmine/raklib reliable-ordered queue size is unlimited, allowing a session to hog server memory
Details
Impact
A client can send reliable-ordered packets 0, 2, 3, 4, 5 ... etc, and all the packets 2 and up will stay in the reliable-ordered queue until 1 arrives. A malicious client can exploit this to waste all available server memory by simply never sending the missing packet. Since the server doesn't make any effort to limit the size of the queue or detect this kind of abuse, this problem is easy to abuse.
Patches
This bug was fixed on the 0.14.x and 0.15.x release lines by 371190f5854372154d1b263cd2a10e658e92bebe.
Workarounds
No workaround is known.
Severity
5.3 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "pocketmine/raklib"
},
"ranges": [
{
"events": [
{
"introduced": "0.14.0"
},
{
"fixed": "0.14.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "pocketmine/raklib"
},
"ranges": [
{
"events": [
{
"introduced": "0.15.0"
},
{
"fixed": "0.15.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2023-11-15T18:42:38Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Impact\nA client can send reliable-ordered packets 0, 2, 3, 4, 5 ... etc, and all the packets 2 and up will stay in the reliable-ordered queue until 1 arrives. A malicious client can exploit this to waste all available server memory by simply never sending the missing packet. Since the server doesn\u0027t make any effort to limit the size of the queue or detect this kind of abuse, this problem is easy to abuse.\n\n### Patches\nThis bug was fixed on the 0.14.x and 0.15.x release lines by 371190f5854372154d1b263cd2a10e658e92bebe.\n\n### Workarounds\nNo workaround is known.",
"id": "GHSA-w98g-5fmx-wm4x",
"modified": "2023-11-15T18:42:38Z",
"published": "2023-11-15T18:42:38Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/pmmp/RakLib/security/advisories/GHSA-w98g-5fmx-wm4x"
},
{
"type": "WEB",
"url": "https://github.com/pmmp/RakLib/commit/371190f5854372154d1b263cd2a10e658e92bebe"
},
{
"type": "PACKAGE",
"url": "https://github.com/pmmp/RakLib"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "pocketmine/raklib reliable-ordered queue size is unlimited, allowing a session to hog server memory"
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…