PT-2023-32994 · Unknown · Pocketmine

Published: 2023-07-14 · Updated: 2023-07-14

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

PocketMine versions prior to 4.22.3
PocketMine versions prior to 5.2.1

Description

A player can crash the server by sending a BlockActorDataPacket whose NBT contains incorrect sign data. Sending an NBT tag with an incorrect type causes an error to be thrown. The issue was discovered in version 4.22.1, and other packets may also be affected. This allows anyone who knows how to send such a packet to shut down a server.

Recommendations

For PocketMine versions prior to 4.22.3, update to version 4.22.3 or later to resolve the issue. For PocketMine versions prior to 5.2.1, update to version 5.2.1 or later to resolve the issue. As a temporary workaround, consider using a plugin that handles DataPacketReceiveEvent for BlockActorDataPacket and verifies that the FrontText tag is a TAG_Compound, to prevent the server from crashing.
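
One way to write the temporary workaround plugin described above, as an added example that is not part of the advisory or of PocketMine's own code. The namespace, class name and log message are hypothetical, the plugin still needs its own plugin.yml, and letting packets without a FrontText tag through is an assumption of this sketch.

```php
<?php

declare(strict_types=1);

namespace Example\SignNbtGuard; // hypothetical plugin namespace

use pocketmine\event\Listener;
use pocketmine\event\server\DataPacketReceiveEvent;
use pocketmine\nbt\tag\CompoundTag;
use pocketmine\network\mcpe\protocol\BlockActorDataPacket;
use pocketmine\plugin\PluginBase;

final class Main extends PluginBase implements Listener{

	protected function onEnable() : void{
		$this->getServer()->getPluginManager()->registerEvents($this, $this);
	}

	public function onDataPacketReceive(DataPacketReceiveEvent $event) : void{
		$packet = $event->getPacket();
		if(!$packet instanceof BlockActorDataPacket){
			return; // only block actor (tile) updates are inspected here
		}

		$root = $packet->nbt->getRoot();
		if(!$root instanceof CompoundTag){
			// A non-compound root cannot be valid sign data: drop the packet.
			$event->cancel();
			return;
		}

		// Assumption: a missing FrontText tag is left for the server to
		// handle; only a tag that is present with the wrong type is rejected.
		$frontText = $root->getTag("FrontText");
		if($frontText !== null && !$frontText instanceof CompoundTag){
			$event->cancel(); // the server never processes the malformed NBT
			$this->getLogger()->warning(
				"Dropped BlockActorDataPacket with non-compound FrontText from " .
				$event->getOrigin()->getDisplayName()
			);
		}
	}
}
```

Cancelling the event stops the packet before the server's own sign handling runs. Because the advisory notes that other packets may also be affected, this check is not a substitute for updating.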


Related Identifiers

GHSA-7WRV-6H42-W54F

Affected Products

Pocketmine