PT-2022-28242 · Unknown · Pocketmine-Mp

Published 2022-06-07 · Updated 2022-06-07

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

PocketMine-MP versions prior to the version containing the patch 5fd685e07d61ef670584ed11a52fd5f4b99a81a7

Description

The issue arises from a workaround implemented for unmapped network items, which allows arbitrary item IDs to be written into an item's NBT. Item IDs are subject to internal limits on the range they can occupy, so an out-of-range ID causes an uncaught exception that crashes the server. The TAG_Int type used to represent replacement IDs for unknown items has a larger range, from -(2^31) to 2^31 - 1, than the internal limits of -32768 to 32767.

Recommendations

For versions prior to the patch 5fd685e07d61ef670584ed11a52fd5f4b99a81a7, update to a version that includes this patch to resolve the issue. As a temporary workaround, consider using a custom TypeConverter in plugins to check for the exploit, although this may be cumbersome.
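The range mismatch described above, as an added example that is not PocketMine-MP's code or its patch: a value decoded from a 32-bit TAG_Int is checked against the internal limits before it reaches a constructor that enforces them. The `ItemStub` class, the `replacementId` key and both function names are hypothetical, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Internal item ID limits stated in the advisory (signed 16-bit range).
const ITEM_ID_MIN = -32768;
const ITEM_ID_MAX = 32767;

/** Hypothetical stand-in for an internal item type that enforces the limits. */
final class ItemStub {
    public function __construct(public readonly int $id) {
        if ($id < ITEM_ID_MIN || $id > ITEM_ID_MAX) {
            throw new InvalidArgumentException("Item ID $id out of range");
        }
    }
}

/** Unchecked pattern: the client-supplied TAG_Int goes straight to the constructor. */
function itemFromNbtUnchecked(array $nbt): ItemStub {
    return new ItemStub($nbt['replacementId']); // throws on out-of-range input
}

/** Checked pattern: validate first and report bad input as null. */
function itemFromNbtChecked(array $nbt): ?ItemStub {
    $id = $nbt['replacementId'] ?? null; // hypothetical tag name
    if (!is_int($id) || $id < ITEM_ID_MIN || $id > ITEM_ID_MAX) {
        return null; // caller drops the packet or disconnects the session
    }
    return new ItemStub($id);
}

// Constructed sample inputs: decoded NBT compounds represented as arrays.
$samples = [
    'in range'       => ['replacementId' => 1234],
    'upper boundary' => ['replacementId' => 32767],
    'above limit'    => ['replacementId' => 32768],
    'TAG_Int min'    => ['replacementId' => -2147483648],
    'missing tag'    => [],
];
foreach ($samples as $label => $nbt) {
    $item = itemFromNbtChecked($nbt);
    echo str_pad($label, 16), $item === null ? "rejected" : "accepted id={$item->id}", PHP_EOL;
}
try {
    itemFromNbtUnchecked(['replacementId' => 32768]);
} catch (InvalidArgumentException $e) {
    // With no handler at this level, the exception would end the server process.
    echo "unchecked path threw: ", $e->getMessage(), PHP_EOL;
}
```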


Related Identifiers

GHSA-FQX3-R75H-VC89

Affected Products

Pocketmine-Mp