PT-2022-16311 · Mojang · Mojang Bedrock Dedicated Server

Published: 2022-03-28 · Updated: 2022-04-04 · CVE-2022-23884

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Mojang Bedrock Dedicated Server version 1.18.2

Description

The issue is caused by an integer overflow leading to a bounds check bypass in the PurchaseReceiptPacket::read function, which is a packet deserializer. This function processes incoming packets, and the integer overflow allows the normal bounds checking to be bypassed, potentially leading to unauthorized access or data manipulation.

Recommendations

For Mojang Bedrock Dedicated Server version 1.18.2, consider disabling the PurchaseReceiptPacket::read function until a patch is available to prevent potential exploitation. Restrict access to the packet deserializer to minimize the risk of exploitation. Avoid using the PurchaseReceiptPacket in the affected server version until the issue is resolved.
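The advisory names the bug class (an integer overflow that defeats a length check in a packet deserializer) but not the packet layout. The added example below is not Mojang's code: it assumes a hypothetical length-prefixed field and contrasts the overflow-prone check pattern with a form that compares against the bytes remaining, so the wrap cannot occur.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Reader over one received packet: buffer, total length, read cursor. */
typedef struct { const uint8_t *buf; size_t len; size_t pos; } reader_t;

/* Vulnerable pattern: the end offset is computed in 32 bits, so a length
 * close to UINT32_MAX wraps the sum below len and the check passes. */
bool read_bytes_unsafe(reader_t *r, uint32_t n, const uint8_t **out) {
    uint32_t end = (uint32_t)r->pos + n;       /* can wrap modulo 2^32 */
    if (end > r->len) return false;
    *out = r->buf + r->pos;
    r->pos += n;
    return true;
}

/* Hardened pattern: compare against the bytes remaining; the subtraction
 * cannot underflow once pos <= len has been established. */
bool read_bytes_safe(reader_t *r, uint32_t n, const uint8_t **out) {
    if (r->pos > r->len || n > r->len - r->pos) return false;
    *out = r->buf + r->pos;
    r->pos += n;
    return true;
}

/* Reads a 32-bit little-endian length prefix and then that many bytes. This
 * field layout is an assumption; the advisory does not give the real format. */
bool read_prefixed(reader_t *r, bool (*rd)(reader_t *, uint32_t, const uint8_t **),
                   const uint8_t **out, uint32_t *out_len) {
    const uint8_t *p;
    if (!rd(r, 4, &p)) return false;
    uint32_t n = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
                 (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    if (!rd(r, n, out)) return false;
    *out_len = n;
    return true;
}

/* Constructed sample packets, not real Bedrock traffic. */
static const uint8_t GOOD_PKT[] = {5, 0, 0, 0, 'h', 'e', 'l', 'l', 'o'};
static const uint8_t BAD_PKT[]  = {0xFE, 0xFF, 0xFF, 0xFF, 'x'};  /* claims ~4 GiB */

/* Returns the accepted field length, or -1 if the reader rejected the packet. */
int64_t parse_len(const uint8_t *pkt, size_t len, bool use_unsafe) {
    reader_t r = { pkt, len, 0 };
    const uint8_t *field; uint32_t n;
    if (!read_prefixed(&r, use_unsafe ? read_bytes_unsafe : read_bytes_safe,
                       &field, &n)) return -1;
    return (int64_t)n;
}
```

With the constructed oversized prefix, the unsafe reader accepts a field length of 4294967294 from a five-byte packet while the hardened reader rejects it; the good packet parses to length 5 under both.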

Exploit

Fix

Integer Overflow


Weakness Enumeration

Related Identifiers

CVE-2022-23884

Affected Products

Mojang Bedrock Dedicated Server