{"id":"CVE-2023-7332","details":"PocketMine-MP versions prior to 4.18.1 contain an improper input validation vulnerability in inventory transaction handling. A remote attacker with a valid player session can request that the server drop more items than are available in the player's hotbar, triggering a server crash and resulting in denial of service.","aliases":["GHSA-h87r-f4vc-mchv"],"modified":"2026-01-04T05:43:01.919234Z","published":"2025-12-31T22:15:47.870Z","references":[{"type":"WEB","url":"https://github.com/pmmp/PocketMine-MP/blob/4.18.1/changelogs/4.18.md"},{"type":"ADVISORY","url":"https://github.com/pmmp/PocketMine-MP/security/advisories/GHSA-h87r-f4vc-mchv"},{"type":"ADVISORY","url":"https://www.vulncheck.com/advisories/pocketmine-mp-improper-validation-of-dropped-item-count-allows-remote-server-crash"},{"type":"FIX","url":"https://github.com/pmmp/PocketMine-MP/commit/5897476"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pmmp/pocketmine-mp","events":[{"introduced":"0"},{"fixed":"5897476"}]}],"versions":["1.4","1.4-916","1.4.1","1.4.1dev-936","1.5dev","1.6.1dev-87","1.6.2dev-229","1.6.2dev-562","1.6.2dev-57","1.6dev","1.7dev-1001","1.7dev-27","1.7dev-318","1.7dev-501","1.7dev-516","1.7dev-677","1.7dev-698","1.7dev-703","1.7dev-717","1.7dev-743","1.7dev-83","1.7dev-937","1.7dev-999","3.0.0","3.0.1","3.0.10","3.0.11","3.0.12","3.0.2","3.0.3","3.0.4","3.0.5","3.0.6","3.0.7","3.0.8","3.0.9","3.1.0","3.1.1","3.1.2","3.1.3","3.1.4","3.1.5","3.1.6","3.1.7","3.1.8","3.10.0","3.10.1","3.11.0","3.11.1","3.11.2","3.11.3","3.11.4","3.11.5","3.11.6","3.11.7","3.12.0","3.12.1","3.12.2","3.12.3","3.12.4","3.12.5","3.12.6","3.13.0","3.13.1","3.14.0","3.14.1","3.14.2","3.14.3","3.15.0","3.15.1","3.15.2","3.15.3","3.15.4","3.16.0","3.16.1","3.17.0","3.17.1","3.17.2","3.17.3","3.17.4","3.17.5","3.17.6","3.17.7","3.18.0","3.18.1","3.18.2","3.19.0","3.19.1","3.19.2","3.19.3","3.2.0","3.2.1","3.2.2","3.2.3","3.2.4","3.2.5","3.2.6","3.2.7","3.20.0","3.21.0","3.21.1","3.22.0","3.22.1","3.22.2","3.22.3","3.22.4","3.22.5","3.23.0","3.23.1","3.24.0","3.25.0","3.25.1","3.25.2","3.25.3","3.25.4","3.25.5","3.25.6","3.26.0","3.26.1","3.26.2","3.26.3","3.26.4","3.26.5","3.27.0","3.3.0","3.3.1","3.3.2","3.3.3","3.3.4","3.4.0","3.4.1","3.4.2","3.4.3","3.5.0","3.5.1","3.5.10","3.5.11","3.5.12","3.5.13","3.5.2","3.5.3","3.5.4","3.5.5","3.5.6","3.5.7","3.5.8","3.5.9","3.6.0","3.6.1","3.6.2","3.6.3","3.6.4","3.6.5","3.6.6","3.7.0","3.7.1","3.7.2","3.7.3","3.8.0","3.8.1","3.8.2","3.8.3","3.8.4","3.8.5","3.8.6","3.8.7","3.9.0","3.9.1","3.9.2","3.9.3","3.9.4","3.9.5","3.9.6","3.9.7","3.9.8","4.0.0","4.0.0-BETA1","4.0.0-BETA10","4.0.0-BETA11","4.0.0-BETA12","4.0.0-BETA13","4.0.0-BETA14","4.0.0-BETA15","4.0.0-BETA2","4.0.0-BETA3","4.0.0-BETA4","4.0.0-BETA5","4.0.0-BETA6","4.0.0-BETA7","4.0.0-BETA8","4.0.0-BETA9","4.0.1","4.0.2","4.0.3","4.0.4","4.0.5","4.0.6","4.0.7","4.0.8","4.0.9","4.1.0","4.1.0-BETA1","4.1.0-BETA2","4.10.0","4.10.1","4.10.2","4.11.0","4.11.0-BETA1","4.11.0-BETA2","4.12.0","4.12.1","4.12.10","4.12.11","4.12.2","4.12.3","4.12.4","4.12.5","4.12.6","4.12.7","4.12.8","4.12.9","4.13.0","4.13.0-BETA1","4.14.0","4.14.1","4.15.0","4.15.1","4.15.2","4.15.3","4.16.0","4.16.0-BETA1","4.16.0-BETA2","4.17.0","4.17.1","4.18.0","4.18.0-ALPHA1","4.18.0-ALPHA2","4.2.0","4.2.1","4.2.10","4.2.2","4.2.3","4.2.4","4.2.5","4.2.6","4.2.7","4.2.8","4.2.9","4.3.0","4.3.1","4.3.2","4.3.3","4.3.4","4.4.0","4.4.0-BETA1","4.4.1","4.4.2","4.5.0","4.5.1","4.5.2","4.6.0","4.6.1","4.6.2","4.7.0","4.7.1","4.7.2","4.7.3","4.8.0","4.8.1","4.9.0","4.9.1","Alpha_1.0","Alpha_1.0.1","Alpha_1.0.2","Alpha_1.0.3","Alpha_1.0.4","Alpha_1.0.5","Alpha_1.0.6","Alpha_1.0.7","Alpha_1.0.8","Alpha_1.1","Alpha_1.1.1","Alpha_1.2","Alpha_1.2.1","Alpha_1.3","Alpha_1.3.1","Alpha_1.3.10","Alpha_1.3.11","Alpha_1.3.12","Alpha_1.3.2","Alpha_1.3.3","Alpha_1.3.4","Alpha_1.3.5","Alpha_1.3.7","Alpha_1.3.8","Alpha_1.3.9","Alpha_1.4dev-228","Alpha_1.4dev-277","Alpha_1.4dev-413","Alpha_1.4dev-449","Alpha_1.4dev-478","Alpha_1.4dev-491","Alpha_1.4dev-576","Alpha_1.4dev-599","Alpha_1.4dev-659","Alpha_1.4dev-665","Alpha_1.4dev-707","Alpha_1.4dev-822","Alpha_1.4dev-834","Alpha_1.4dev-842","Alpha_1.4dev-847","Alpha_1.4dev-855","Alpha_1.4dev-900","api/1.11.0","api/1.12.0","api/2.0.0","api/2.1.0","api/3.0.0-ALPHA1","api/3.0.0-ALPHA10","api/3.0.0-ALPHA11","api/3.0.0-ALPHA12","api/3.0.0-ALPHA2","api/3.0.0-ALPHA3","api/3.0.0-ALPHA4","api/3.0.0-ALPHA5","api/3.0.0-ALPHA6","api/3.0.0-ALPHA7","api/3.0.0-ALPHA8","api/3.0.0-ALPHA9","before-fixed-wrong-paths","before-psr4","pocketmine-mp-rebrand"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-7332.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"}]}