{"id":"CVE-2024-42698","details":"Roughly Enough Items (REI) v.16.0.729 and before contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. The specific issue is a failure to validate slot index and decrement stack count in the Roughly Enough Items (REI) mod for Minecraft, which allows in-game item duplication.","modified":"2026-04-12T09:38:27.904310Z","published":"2024-08-28T16:15:09.210Z","references":[{"type":"ADVISORY","url":"https://gist.github.com/apple502j/7b1af0082449c9bfbf910e9a25ef3595"},{"type":"FIX","url":"https://github.com/shedaniel/RoughlyEnoughItems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/shedaniel/roughlyenoughitems","events":[{"introduced":"0"},{"fixed":"e80ca84f1affb91d2388ddb298bfc6b141828cad"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-42698.json","vanir_signatures":[{"signature_type":"Line","target":{"file":"api/src/main/java/me/shedaniel/rei/api/common/transfer/info/clean/InputCleanHandler.java"},"digest":{"threshold":0.9,"line_hashes":["19590286002053980717722554483191131696","22172974988951916477905514940744674684","116715898566274656274092976874770745000","332519441353655168012645213155549388766"]},"deprecated":false,"source":"https://github.com/shedaniel/roughlyenoughitems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad","signature_version":"v1","id":"CVE-2024-42698-0f2ddf78"},{"signature_type":"Line","target":{"file":"api/src/main/java/me/shedaniel/rei/api/common/transfer/info/stack/VanillaSlotAccessor.java"},"digest":{"threshold":0.9,"line_hashes":["235290671412712942733563394685304104179","55305120737490761525491496787044040807","181995209897539629266814444648072519655"]},"deprecated":false,"source":"https://github.com/shedaniel/roughlyenoughitems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad","signature_version":"v1","id":"CVE-2024-42698-1809f18a"},{"signature_type":"Line","target":{"file":"runtime/src/main/java/me/shedaniel/rei/impl/common/transfer/NewInputSlotCrafter.java"},"digest":{"threshold":0.9,"line_hashes":["292003680786407146274549005523617392561","314580155522821766503727750719382465592","300020457769011387128321797830300876216","45464211816532709821657986873496357386"]},"deprecated":false,"source":"https://github.com/shedaniel/roughlyenoughitems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad","signature_version":"v1","id":"CVE-2024-42698-2be990b4"},{"signature_type":"Function","target":{"function":"cleanInputs","file":"runtime/src/main/java/me/shedaniel/rei/impl/common/transfer/NewInputSlotCrafter.java"},"digest":{"length":362,"function_hash":"323643158532443095406582343005472950363"},"deprecated":false,"source":"https://github.com/shedaniel/roughlyenoughitems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad","signature_version":"v1","id":"CVE-2024-42698-587165bf"},{"signature_type":"Line","target":{"file":"runtime/src/main/java/me/shedaniel/rei/impl/common/transfer/InputSlotCrafter.java"},"digest":{"threshold":0.9,"line_hashes":["8845121579441980780731552239399338419","156440199192694340804072367864184620405","163850799276483442935018251198009623409","93591308739411592163145723220744912462","90827562006929369054198756509320945167","215991203792504586471227043476477975272","206405747539248133181554614763909010988","228764926621070811715719659857180104213","185025050674521931818850147467868331526","247926054331038513277261433375715401956","190011604507371461382357818590408120267","246475418474521473066429328746060009460","220884027888050459794073188008898298494","1920261129045239175249700548067274359"]},"deprecated":false,"source":"https://github.com/shedaniel/roughlyenoughitems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad","signature_version":"v1","id":"CVE-2024-42698-6fba65f6"},{"signature_type":"Line","target":{"file":"api/src/main/java/me/shedaniel/rei/api/common/transfer/info/stack/SlotAccessor.java"},"digest":{"threshold":0.9,"line_hashes":["253426478248365089697471096563993135330","328529235713551909328904348198784992660","293459973467321167855046566889883131837"]},"deprecated":false,"source":"https://github.com/shedaniel/roughlyenoughitems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad","signature_version":"v1","id":"CVE-2024-42698-82da27f0"},{"signature_type":"Function","target":{"function":"takeInventoryStack","file":"runtime/src/main/java/me/shedaniel/rei/impl/common/transfer/InputSlotCrafter.java"},"digest":{"length":299,"function_hash":"165776683507200117770288760030578833884"},"deprecated":false,"source":"https://github.com/shedaniel/roughlyenoughitems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad","signature_version":"v1","id":"CVE-2024-42698-8322245c"},{"signature_type":"Function","target":{"function":"fillInputSlot","file":"runtime/src/main/java/me/shedaniel/rei/impl/common/transfer/InputSlotCrafter.java"},"digest":{"length":438,"function_hash":"121064150689119639977218420239288959723"},"deprecated":false,"source":"https://github.com/shedaniel/roughlyenoughitems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad","signature_version":"v1","id":"CVE-2024-42698-85d78889"},{"signature_type":"Line","target":{"file":"api/src/main/java/me/shedaniel/rei/api/common/transfer/info/stack/ContainerSlotAccessor.java"},"digest":{"threshold":0.9,"line_hashes":["250211651684776907859111153464831491649","198324746867864688325923041590522651214","184154731962592141873847241423228453058","65528335832218222140338424739013828565"]},"deprecated":false,"source":"https://github.com/shedaniel/roughlyenoughitems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad","signature_version":"v1","id":"CVE-2024-42698-9e4ed103"},{"signature_type":"Line","target":{"file":"api/src/main/java/me/shedaniel/rei/api/common/transfer/info/simple/DumpHandler.java"},"digest":{"threshold":0.9,"line_hashes":["313852989382192987343109301977274427777","72635867817477391664219937218798665082","241434281604119750689174046807056973160","207170077363795818375763565352325493990"]},"deprecated":false,"source":"https://github.com/shedaniel/roughlyenoughitems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad","signature_version":"v1","id":"CVE-2024-42698-9f946237"}],"vanir_signatures_modified":"2026-04-12T09:38:27Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"16.0.744"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}