Impact
A malicious client may send a MovePlayerPacket
to the server whose position or rotation contains NaN or INF. Since neither the server nor vanilla client handles this properly, a number of interesting side effects come into play.
- The server may crash in various ways if this exploit is used, because some mathematical operations on NaN/INF generate PHP warnings, which are converted into exceptions.
- Clients may not be able to see other clients who have a NaN/INF rotation.
- Clients may also crash in such cases.
Patches
A patch for this was included in the 3.18.1 release: pmmp/PocketMine-MP@fb20bb3
Workarounds
Workarounds could be implemented as plugins using DataPacketReceiveEvent
to block any inbound movement packets containing bogus values.
For more information
If you have any questions or comments about this advisory:
References
Impact
A malicious client may send a
MovePlayerPacket
to the server whose position or rotation contains NaN or INF. Since neither the server nor vanilla client handles this properly, a number of interesting side effects come into play.Patches
A patch for this was included in the 3.18.1 release: pmmp/PocketMine-MP@fb20bb3
Workarounds
Workarounds could be implemented as plugins using
DataPacketReceiveEvent
to block any inbound movement packets containing bogus values.For more information
If you have any questions or comments about this advisory:
References