CVE-2024-42698

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-42698
Roughly Enough Items (REI) v.16.0.729 and before contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. The specific issue is a failure to validate slot index and decrement stack count in the Roughly Enough Items (REI) mod for Minecraft, which allows in-game item duplication.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://gist.github.com/apple502j/7b1af0082449c9bfbf910e9a25ef3595 Third Party Advisory
https://github.com/shedaniel/RoughlyEnoughItems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad Patch
Configurations

Configuration 1 (hide)

cpe:2.3:a:shedaniel:roughlyenoughitems:*:*:*:*:*:minecraft:*:*
History

19 Sep 2024, 16:29

Type Values Removed Values Added
CWE CWE-129
References () https://gist.github.com/apple502j/7b1af0082449c9bfbf910e9a25ef3595 - () https://gist.github.com/apple502j/7b1af0082449c9bfbf910e9a25ef3595 - Third Party Advisory
References () https://github.com/shedaniel/RoughlyEnoughItems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad - () https://github.com/shedaniel/RoughlyEnoughItems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad - Patch
CVSS v2 : unknown
v3 : 4.3 		v2 : unknown
v3 : 5.3
First Time Shedaniel roughlyenoughitems
Shedaniel
CPE cpe:2.3:a:shedaniel:roughlyenoughitems:*:*:*:*:*:minecraft:*:*

29 Aug 2024, 13:25

Type Values Removed Values Added
Summary
  • (es) Roughly Enough Items (REI) v.16.0.729 y anteriores contienen una vulnerabilidad de validación incorrecta del índice, la posición o el desplazamiento especificados en la entrada. El problema específico es una falla en la validación del índice de ranura y la disminución del recuento de la pila en el mod Roughly Enough Items (REI) para Minecraft, lo que permite la duplicación de elementos en el juego.

28 Aug 2024, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-08-28 16:15

Updated : 2024-09-19 16:29

NVD link : CVE-2024-42698

Mitre link : CVE-2024-42698

CVE.ORG link : CVE-2024-42698

JSON object : View

Products Affected

shedaniel

  • roughlyenoughitems
CWE
CWE-129

Improper Validation of Array Index