apple502j/emi-item-dupe.md

Last active August 28, 2024 04:49

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/apple502j/6d691b62c37fc37b03b0784917064df6.js"></script>
Save apple502j/6d691b62c37fc37b03b0784917064df6 to your computer and use it in GitHub Desktop.

Download ZIP

Raw

emi-item-dupe.md

EMI Item Duplication (CVE-2024-41564)

An item duplication bug was discovered in EMI. A malicious ("hacked") client can send a crafted packet to a vulnerable Minecraft server running EMI mod, which causes item duplication. Fixed in version 1.1.11.

Technical Description: Failure to validate slot index and decrement stack count in EMI for Minecraft version 1.1.10 and below allows in-game item duplication.

CVSS4.0: 5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/AU:Y/V:C
CVSS3.1: 4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CWE: CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input

References

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment