CVE-2024-42698

MEDIUM

Roughly Enough Items (REI) <16.0.729 - Improper Validation

Title source: llm

Description

Roughly Enough Items (REI) v.16.0.729 and before contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. The specific issue is a failure to validate slot index and decrement stack count in the Roughly Enough Items (REI) mod for Minecraft, which allows in-game item duplication.

References (2)

[Third Party Advisory] https://gist.github.com/apple502j/7b1af0082449c9bfbf910e9a25ef3595

[Patch] https://github.com/shedaniel/RoughlyEnoughItems/commit/e80ca84f1affb91d2388ddb298bfc6b141828cad

View Patch ZIP pw:eip

Scores

CVSS v3 4.3

EPSS 0.0011

EPSS Percentile 29.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-129

Status published

Products (1)

shedaniel/roughlyenoughitems < 16.0.744

Published Aug 28, 2024

Tracked Since Feb 18, 2026