I haven't tried this in practice, but it seems that the server doesn't check whether the sink input's or source output's resampler supports rate changes when a client sends a request to change the stream's rate. When using libpulse, invalid rate changes are filtered on the client side, but a malicious client can talk to the server without using libpulse.
-- GitLab Migration Automatic Message --
This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.
You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/pulseaudio/pulseaudio/issues/443.