Name of the Vulnerable Software and Affected Versions PocketMine-MP (affected versions not specified)

Description The issue arises from the pocketmineentitySkin component not handling errors correctly when parsing skin geometry data. Specifically, it expects false to be returned in case of an error, but instead, adhocore/json-comment throws a RuntimeException, leading to a server crash. This can occur if the skin geometry data is invalid, such as containing syntax errors.

Recommendations As a temporary workaround, consider developing a plugin to handle LoginPacket and PlayerSkinPacket to verify that the skin geometry data can be parsed correctly, thus preventing the error condition in the core code from being reached. At the moment, there is no information about a newer version that contains a fix for this vulnerability.