PT-2022-28243 · Packagist · Pocketmine/Pocketmine-Mp

Published

2022-04-22

·

Updated

2022-04-22

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Software (affected versions not specified)

Description

The issue arises when the client sends a serialized version of the itemstack to the server during an inventory interaction. The server deserializes this data and compares it against its own copy; if the two do not match, the transaction is treated as invalid. Because this step deserializes item NBT supplied by the client, the client can provide arbitrary, potentially bogus data. This is usually harmless, but certain kinds of malformed data (for example, an incorrect ListTag element type for the CanDestroy tag) could crash the server.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
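The description above boils down to one defensive rule: client-supplied NBT must be validated for shape before any server code that assumes a particular tag layout touches it. The following PHP is an added illustration of that check and is not code from this advisory or from PocketMine-MP. It uses a constructed stand-in for a decoded NBT tree (plain arrays with a 'type' key, plus 'elementType' on lists) rather than the project's NBT library, and the function names validateCanDestroy, checkTreeLimits and validateClientItemNbt are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not PocketMine-MP code. Each tag is represented as a
// constructed array ['type' => ..., 'value' => ...]; a list tag additionally
// carries 'elementType'. A compound's 'value' maps tag names to child tags.
const TAG_STRING   = 'string';
const TAG_LIST     = 'list';
const TAG_COMPOUND = 'compound';

// Bound the nesting depth and total tag count of any client-supplied tree so
// an oversized or deeply nested payload is rejected before it is interpreted.
// Returns null when within limits, otherwise a reason suitable for logging.
function checkTreeLimits(array $tag, int $maxDepth, int $maxElements, int $depth = 0, int &$count = 0): ?string
{
    if (++$count > $maxElements) {
        return "more than $maxElements tags";
    }
    if ($depth > $maxDepth) {
        return "nesting deeper than $maxDepth levels";
    }
    $type = $tag['type'] ?? null;
    if ($type === TAG_LIST || $type === TAG_COMPOUND) {
        foreach (($tag['value'] ?? []) as $child) {
            if (!is_array($child)) {
                return "child of $type is not a tag";
            }
            $reason = checkTreeLimits($child, $maxDepth, $maxElements, $depth + 1, $count);
            if ($reason !== null) {
                return $reason;
            }
        }
    }
    return null;
}

// The CanDestroy tag, when present, must be a ListTag whose elements are all
// StringTags. A list declaring any other element type, or carrying a
// mismatched element, is rejected instead of reaching code that assumes strings.
function validateCanDestroy(array $itemCompound): ?string
{
    if (!isset($itemCompound['CanDestroy'])) {
        return null; // the tag is optional
    }
    $tag = $itemCompound['CanDestroy'];
    if (($tag['type'] ?? null) !== TAG_LIST) {
        return 'CanDestroy is not a ListTag';
    }
    if (($tag['elementType'] ?? null) !== TAG_STRING) {
        return 'CanDestroy list element type is not String';
    }
    foreach (($tag['value'] ?? []) as $i => $element) {
        if (($element['type'] ?? null) !== TAG_STRING || !is_string($element['value'] ?? null)) {
            return "CanDestroy element $i is not a StringTag";
        }
    }
    return null;
}

// Run the structural guard first, then the per-tag shape checks. A non-null
// result means the inventory transaction should be rejected and the reason
// logged; the server's own copy of the item is never replaced by client data.
function validateClientItemNbt(array $itemCompound): ?string
{
    $root = ['type' => TAG_COMPOUND, 'value' => $itemCompound];
    return checkTreeLimits($root, 16, 1024) ?? validateCanDestroy($itemCompound);
}

// Constructed sample inputs: one well-formed item compound and one whose
// CanDestroy list declares the wrong element type.
$samples = [
    'well-formed' => ['CanDestroy' => [
        'type' => TAG_LIST, 'elementType' => TAG_STRING,
        'value' => [['type' => TAG_STRING, 'value' => 'minecraft:stone']],
    ]],
    'wrong element type' => ['CanDestroy' => [
        'type' => TAG_LIST, 'elementType' => 'int',
        'value' => [['type' => 'int', 'value' => 1]],
    ]],
];

foreach ($samples as $name => $item) {
    $reason = validateClientItemNbt($item);
    echo $name, ': ', $reason ?? 'accepted', PHP_EOL;
}
```

Running the script prints "well-formed: accepted" followed by "wrong element type: CanDestroy list element type is not String". The point of the split into a generic limits check and a per-tag shape check is that the first protects against any payload shape the server has not anticipated, while the second encodes the exact expectation for the tag the advisory names.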

Exploit

RCE


Weakness Enumeration

Related Identifiers

GHSA-G5RR-P69H-7V3G

Affected Products

Pocketmine/Pocketmine-Mp