{"id":"CVE-2024-42698","details":"Roughly Enough Items (REI) v.16.0.729 and before contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. The specific issue is a failure to validate slot index and decrement stack count in the Roughly Enough Items (REI) mod for Minecraft, which allows in-game item duplication.","modified":"2026-03-14T12:36:16.724605Z","published":"2024-08-28T16:15:09.210Z","references":[{"type":"ADVISORY","url":"https://gist.github.com/apple502j/7b1af0082449c9bfbf910e9a25ef3595"},{"type":"FIX","url":"https://github.com/shedaniel/RoughlyEnoughItems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/shedaniel/roughlyenoughitems","events":[{"introduced":"0"},{"fixed":"e80ca84f1affb91d2388ddb298bfc6b141828cad"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-42698.json","vanir_signatures":[{"signature_type":"Line","id":"CVE-2024-42698-0f2ddf78","source":"https://github.com/shedaniel/roughlyenoughitems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad","target":{"file":"api/src/main/java/me/shedaniel/rei/api/common/transfer/info/clean/InputCleanHandler.java"},"signature_version":"v1","deprecated":false,"digest":{"line_hashes":["19590286002053980717722554483191131696","22172974988951916477905514940744674684","116715898566274656274092976874770745000","332519441353655168012645213155549388766"],"threshold":0.9}},{"signature_type":"Line","id":"CVE-2024-42698-1809f18a","source":"https://github.com/shedaniel/roughlyenoughitems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad","target":{"file":"api/src/main/java/me/shedaniel/rei/api/common/transfer/info/stack/VanillaSlotAccessor.java"},"signature_version":"v1","deprecated":false,"digest":{"line_hashes":["235290671412712942733563394685304104179","55305120737490761525491496787044040807","181995209897539629266814444648072519655"],"threshold":0.9}},{"signature_type":"Line","id":"CVE-2024-42698-2be990b4","source":"https://github.com/shedaniel/roughlyenoughitems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad","target":{"file":"runtime/src/main/java/me/shedaniel/rei/impl/common/transfer/NewInputSlotCrafter.java"},"signature_version":"v1","deprecated":false,"digest":{"line_hashes":["292003680786407146274549005523617392561","314580155522821766503727750719382465592","300020457769011387128321797830300876216","45464211816532709821657986873496357386"],"threshold":0.9}},{"signature_type":"Function","id":"CVE-2024-42698-587165bf","source":"https://github.com/shedaniel/roughlyenoughitems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad","target":{"function":"cleanInputs","file":"runtime/src/main/java/me/shedaniel/rei/impl/common/transfer/NewInputSlotCrafter.java"},"signature_version":"v1","deprecated":false,"digest":{"length":362,"function_hash":"323643158532443095406582343005472950363"}},{"signature_type":"Line","id":"CVE-2024-42698-6fba65f6","source":"https://github.com/shedaniel/roughlyenoughitems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad","target":{"file":"runtime/src/main/java/me/shedaniel/rei/impl/common/transfer/InputSlotCrafter.java"},"signature_version":"v1","deprecated":false,"digest":{"line_hashes":["8845121579441980780731552239399338419","156440199192694340804072367864184620405","163850799276483442935018251198009623409","93591308739411592163145723220744912462","90827562006929369054198756509320945167","215991203792504586471227043476477975272","206405747539248133181554614763909010988","228764926621070811715719659857180104213","185025050674521931818850147467868331526","247926054331038513277261433375715401956","190011604507371461382357818590408120267","246475418474521473066429328746060009460","220884027888050459794073188008898298494","1920261129045239175249700548067274359"],"threshold":0.9}},{"signature_type":"Line","id":"CVE-2024-42698-82da27f0","source":"https://github.com/shedaniel/roughlyenoughitems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad","target":{"file":"api/src/main/java/me/shedaniel/rei/api/common/transfer/info/stack/SlotAccessor.java"},"signature_version":"v1","deprecated":false,"digest":{"line_hashes":["253426478248365089697471096563993135330","328529235713551909328904348198784992660","293459973467321167855046566889883131837"],"threshold":0.9}},{"signature_type":"Function","id":"CVE-2024-42698-8322245c","source":"https://github.com/shedaniel/roughlyenoughitems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad","target":{"function":"takeInventoryStack","file":"runtime/src/main/java/me/shedaniel/rei/impl/common/transfer/InputSlotCrafter.java"},"signature_version":"v1","deprecated":false,"digest":{"length":299,"function_hash":"165776683507200117770288760030578833884"}},{"signature_type":"Function","id":"CVE-2024-42698-85d78889","source":"https://github.com/shedaniel/roughlyenoughitems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad","target":{"function":"fillInputSlot","file":"runtime/src/main/java/me/shedaniel/rei/impl/common/transfer/InputSlotCrafter.java"},"signature_version":"v1","deprecated":false,"digest":{"length":438,"function_hash":"121064150689119639977218420239288959723"}},{"signature_type":"Line","id":"CVE-2024-42698-9e4ed103","source":"https://github.com/shedaniel/roughlyenoughitems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad","target":{"file":"api/src/main/java/me/shedaniel/rei/api/common/transfer/info/stack/ContainerSlotAccessor.java"},"signature_version":"v1","deprecated":false,"digest":{"line_hashes":["250211651684776907859111153464831491649","198324746867864688325923041590522651214","184154731962592141873847241423228453058","65528335832218222140338424739013828565"],"threshold":0.9}},{"signature_type":"Line","id":"CVE-2024-42698-9f946237","source":"https://github.com/shedaniel/roughlyenoughitems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad","target":{"file":"api/src/main/java/me/shedaniel/rei/api/common/transfer/info/simple/DumpHandler.java"},"signature_version":"v1","deprecated":false,"digest":{"line_hashes":["313852989382192987343109301977274427777","72635867817477391664219937218798665082","241434281604119750689174046807056973160","207170077363795818375763565352325493990"],"threshold":0.9}}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"16.0.744"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}