@apple502j
Last active August 28, 2024 04:58

Revisions

  1. apple502j revised this gist Aug 28, 2024. 1 changed file with 14 additions and 0 deletions.
    14 changes: 14 additions & 0 deletions rei-item-dupe.md
    @@ -1,6 +1,20 @@
    # REI Item Duplication (CVE-2024-42698)
    An item duplication bug was discovered in REI. A malicious ("hacked") client can send a crafted packet to a vulnerable Minecraft server running REI mod, which causes item duplication.

    Please refer to the table below for fix versions:

    | Minecraft Version | Last Affected | Fix Version |
    |-------------------|---------------|-------------|
    | 1.21 | 16.0.729 | 16.0.744 |
    | 1.20.4 | 14.1.727 | 14.1.742 |
    | 1.20.2 | 13.1.726 | 13.1.741 |
    | 1.20.1 | 12.1.725 | 12.1.740 |
    | 1.19.4 | 11.1.717 | 11.1.739 |
    | 1.19.2 | 9.2.724 | 9.2.738 |
    | 1.18.2 | 8.4.723 | 8.4.737 |

    The vulnerability is verified to be exploitable in version 1.21. Note that versions not listed here may be affected as well.

    Technical Description: Failure to validate slot index and decrement stack count in REI for Minecraft 1.21 version 16.0.729 and below allows in-game item duplication.

    - CVSS4.0: 5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/AU:Y/V:C
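
    Review bot: The Technical Description kept at the end of this hunk still scopes the bug to "REI for Minecraft 1.21 version 16.0.729 and below", while the table added above it lists a last-affected build for seven Minecraft branches from 1.18.2 to 1.21. Reword the description to defer to the table and keep the "verified to be exploitable in version 1.21" sentence as the only 1.21-specific statement, so the two do not disagree. The table also leaves the builds between each "Last Affected" and "Fix Version" (for example 16.0.730 through 16.0.743) unaccounted for; say whether those builds were released and, if so, whether they are affected.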
  2. apple502j revised this gist Aug 28, 2024. 1 changed file with 5 additions and 1 deletion.
    6 changes: 5 additions & 1 deletion rei-item-dupe.md
    @@ -1,8 +1,12 @@
    # REI Item Duplication (CVE-2024-PENDING)
    # REI Item Duplication (CVE-2024-42698)
    An item duplication bug was discovered in REI. A malicious ("hacked") client can send a crafted packet to a vulnerable Minecraft server running REI mod, which causes item duplication.

    Technical Description: Failure to validate slot index and decrement stack count in REI for Minecraft 1.21 version 16.0.729 and below allows in-game item duplication.

    - CVSS4.0: 5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/AU:Y/V:C
    - CVSS3.1: 4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
    - CWE: CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input

    ## References
    - Fix Commit: https://github.com/shedaniel/RoughlyEnoughItems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad
    - Download: https://modrinth.com/mod/rei
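
    Review bot: The References section added at the end of this hunk links the fix commit and a download page but names no fixed release, and the description still reads "16.0.729 and below", so a server operator cannot tell from this revision which build to upgrade to. Add the first release that contains commit e80ca84f1affb91d2388ddb298bfc6b141828cad next to the "Fix Commit" line. Now that the title carries CVE-2024-42698, a link to the CVE record also belongs in this list.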
  3. apple502j created this gist Jul 19, 2024.
    8 changes: 8 additions & 0 deletions rei-item-dupe.md
    @@ -0,0 +1,8 @@
    # REI Item Duplication (CVE-2024-PENDING)
    An item duplication bug was discovered in REI. A malicious ("hacked") client can send a crafted packet to a vulnerable Minecraft server running REI mod, which causes item duplication.

    Technical Description: Failure to validate slot index and decrement stack count in REI for Minecraft 1.21 version 16.0.729 and below allows in-game item duplication.

    - CVSS4.0: 5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/AU:Y/V:C
    - CVSS3.1: 4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
    - CWE: CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input
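
    Review bot: The Technical Description names two defects, a slot index that is not validated and a stack count that is not decremented, but the CWE line maps only the first (CWE-1285). Either add a weakness entry for the missing decrement or state that the index check is the root cause and the decrement is a consequence of it. The title and first sentence also use "REI" without expanding it or linking the project, which makes the affected product hard to identify for someone arriving from a CVE search.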