PT-2023-33069 · Unknown · Pocketmine-Mp
Published: 2023-01-09 · Updated: 2023-01-09
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
PocketMine-MP (affected versions not specified)
Description
The issue arises from the DyeColorIdMap->fromId() function not handling invalid input properly, leading to an undefined offset error. This function is indirectly called during the deserialization of item NBT data, which can occur when receiving data from the network or disk. An attacker can exploit this by providing NBT data with invalid pattern color values in an inventory transaction or by using the /give command to obtain an item with malicious NBT data, potentially crashing a server.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
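The failure mode in the description, an ID-to-colour lookup indexed with untrusted values during deserialization, shown beside a hardened form. This is an added example, not PocketMine-MP's code: the class `ColorIdMap`, the function `readPatterns`, the `Pattern`/`Color` keys and the sample data are all hypothetical or constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for an ID-to-colour map (names are not PocketMine-MP's).
final class ColorIdMap {
    /** @var array<int, string> constructed subset of colour IDs */
    private array $idToColor = [0 => "white", 1 => "orange", 14 => "red", 15 => "black"];

    // Unsafe shape: an unknown ID reads a missing array key, so PHP reports an
    // undefined offset/key and the null result violates the return type.
    public function fromIdUnchecked(int $id) : string {
        return $this->idToColor[$id];
    }

    // Hardened shape: an unknown ID is an expected outcome, reported as null.
    public function fromId(int $id) : ?string {
        return $this->idToColor[$id] ?? null;
    }
}

/**
 * Reads pattern entries from already-decoded, untrusted item data.
 * @param array<int, mixed> $entries
 * @return array<int, array{pattern: string, color: string}>
 */
function readPatterns(array $entries, ColorIdMap $map) : array {
    $out = [];
    foreach ($entries as $entry) {
        if (!is_array($entry)) continue;
        $id = $entry["Color"] ?? null;
        $pattern = $entry["Pattern"] ?? null;
        if (!is_int($id) || !is_string($pattern)) continue;
        $color = $map->fromId($id);
        if ($color === null) continue; // drop the entry; never index blindly
        $out[] = ["pattern" => $pattern, "color" => $color];
    }
    return $out;
}

// Constructed sample: two valid entries, two out-of-range IDs, one wrong type.
$sample = [
    ["Pattern" => "bs", "Color" => 0],
    ["Pattern" => "cr", "Color" => 9999],
    ["Pattern" => "ts", "Color" => -1],
    ["Pattern" => "ms", "Color" => "15"],
    ["Pattern" => "ls", "Color" => 15],
];
var_dump(readPatterns($sample, new ColorIdMap()));
```

Whether an invalid entry is dropped, as here, or the whole item is rejected is a design choice; either way the deserializer treats an unknown ID as ordinary bad input rather than an unhandled error.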
Affected Products
Pocketmine-Mp