{ "expand": "operations,versionedRepresentations,editmeta,changelog,renderedFields", "id": "517423", "self": "https://bugs.mojang.com/rest/api/2/issue/517423", "key": "BDS-17703", "fields": { "issuetype": "1", "project": "11700", "fixVersions": [], "resolution": "1", "customfield_10500": { "self": "https://bugs.mojang.com/rest/api/2/customFieldOption/10300", "value": "Unconfirmed", "id": "10300", "disabled": false }, "customfield_12800": null, "customfield_12602": [], "customfield_12601": null, "customfield_12604": null, "customfield_12603": null, "customfield_12606": null, "customfield_12605": null, "customfield_12608": null, "resolutiondate": "2024-01-02T13:46:04.000+0200", "customfield_12607": null, "customfield_12609": null, "workratio": -1, "lastViewed": null, "watches": { "self": "https://bugs.mojang.com/rest/api/2/issue/BDS-17703/watchers", "watchCount": 3, "isWatching": false }, "created": "2022-10-07T17:37:19.000+0300", "customfield_12000": null, "customfield_12201": null, "customfield_12600": null, "labels": [], "customfield_11700": "{}", "versions": [ "21176" ], "issuelinks": [], "assignee": null, "updated": "2024-01-02T13:46:04.000+0200", "status": "5", "description": "Sourced from: https://github.com/LuckyDogDog/CVE-2022-23884\r\nh1. CVE-2022-23884\r\n\r\nThere is a network-layer vulnerabilities in the official server of Minecraft: Bedrock Edition (aka Bedrock Server),which allow attacker to launch a DoS attack.\r\n\r\nCVE-2022-23884 Mojang Bedrock Dedicated Server 1.16.0-latest is affected by an large loop and crash server caused by PurchaseReceiptPacket::_read (packet deserializer).\r\nh2. Details\r\n\r\nCVE-2022-23884 affects Bedrock Server 1.16.0-latest.\r\nIt is caused by PurchaseReceiptPacket::_read (packet deserializer).\r\n\r\n\r\n{{//pseudo-code}}\r\n{{u32 Num = readUnsignedVarInt();}}\r\n{{\u00a0for ( i = 0; i < (unsigned int)Num; ++i )}}\r\n{{\u00a0 {}}\r\n{{\u00a0 \u00a0 \u00a0 ...}}\r\n{{\u00a0 }}}\r\n\r\n\r\nAttackers can choose special Num (e.g. `0xffffffff`) Large sizes will cause a large loop(blocks the main thread) and crash server.\r\nh2. PoCs\r\n\r\nDisclaimer: PoCs are only excepted to be used for testing whether your server is vulnerable.Providers assume no liability and are not responsible for any misuse or damage caused by these programs. Use at your own risk.\r\n\r\n\r\nCVE-2022-23884: python replay.py purchase.pkt\r\nh2. Patches\r\n\r\n\r\nLatest Bedrock Server(1.18.12.01) does not include patches for CVE-2022-23884. There are third-party patches. \u00a0\r\nh3. Patch for `CVE-2022-23884`: \u00a0\r\n\r\n\r\nYou can hook `PurchaseReceiptPacket::_read` and return false.\r\n(The packet is only used for partnered servers,So BDS does not need to do any processing, just return false) https://github.com/LiteLDev/LiteLoaderBDS/blob/a21c3b4220170e29a82dba1460118dbbd041a273/LiteLoader/Main/BuiltinBugFix.cpp#L47 in LiteLoader fixed `CVE-2022-23884`. \u00a0", "customfield_11100": 0.0, "customfield_11300": null, "customfield_11500": "916200", "customfield_12503": null, "customfield_12700": "[Briefly describe the bug here]\r\n\r\n*Steps to Reproduce:*\r\n# [Step 1]\r\n# [Step 2]\r\n# [Step 3]\r\n\r\n*Observed Results:*\r\n[Describe what happens]\r\n\r\n*Expected Results:*\r\n[Describe what should happen]\r\n\r\n*Screenshots/Videos attached:* [please attach an image or short video]\r\n\r\n*Notes:*", "customfield_12502": null, "security": { "self": "https://bugs.mojang.com/rest/api/2/securitylevel/10318", "id": "10318", "description": "Private, viewable only by volunteers and up.", "name": "Minecraft - Private" }, "customfield_12504": null, "attachment": [], "summary": "Crash Vulnerability - PurchaseReceiptPacket::_read", "creator": "JIRAUSER732469", "reporter": "JIRAUSER732469", "customfield_10002": null, "customfield_12501": null, "customfield_12500": null, "customfield_11601": null, "customfield_11600": "0|i2aozj:", "environment": "BDS server + realms", "customfield_11801": null, "customfield_11800": null, "customfield_11602": null, "customfield_11802": null, "comment": { "comments": [ { "self": "https://bugs.mojang.com/rest/api/2/issue/517423/comment/1203891", "id": "1203891", "author": "ocelotonesie", "body": "MEQS_KEEP_PRIVATE", "updateAuthor": "ocelotonesie", "created": "2022-10-08T13:41:07.755+0300", "updated": "2022-10-08T13:41:07.755+0300", "visibility": { "type": "group", "value": "staff" } } ], "maxResults": 1, "total": 1, "startAt": 0 }, "votes": { "self": "https://bugs.mojang.com/rest/api/2/issue/BDS-17703/votes", "votes": 0, "hasVoted": false } }, "changelog": { "startAt": 0, "maxResults": 2, "total": 2, "histories": [ { "id": "2679783", "author": "JIRAUSER648376", "created": "2022-10-17T15:32:38.867+0300", "items": [ { "field": "ADO", "fieldtype": "custom", "from": null, "fromString": null, "to": null, "toString": "916200" }, { "field": "status", "fieldtype": "jira", "from": "1", "fromString": "Open", "to": "1", "toString": "Open" } ] }, { "id": "2918895", "author": "greymagic27", "created": "2024-01-02T13:46:04.842+0200", "items": [ { "field": "resolution", "fieldtype": "jira", "from": null, "fromString": null, "to": "1", "toString": "Fixed" }, { "field": "status", "fieldtype": "jira", "from": "1", "fromString": "Open", "to": "5", "toString": "Resolved" } ] } ] } }