{ "expand": "operations,versionedRepresentations,editmeta,changelog,renderedFields", "id": "560341", "self": "https://bugs.mojang.com/rest/api/2/issue/560341", "key": "BDS-19346", "fields": { "issuetype": "1", "project": "11700", "fixVersions": [ "22453" ], "resolution": "1", "customfield_10500": { "self": "https://bugs.mojang.com/rest/api/2/customFieldOption/10302", "value": "Community Consensus", "id": "10302", "disabled": false }, "customfield_12800": null, "customfield_12602": [], "customfield_12601": null, "customfield_12604": null, "customfield_12603": null, "customfield_12606": null, "customfield_12605": null, "customfield_12608": null, "resolutiondate": "2024-08-12T20:27:55.000+0300", "customfield_12607": null, "customfield_12609": null, "workratio": -1, "lastViewed": null, "watches": { "self": "https://bugs.mojang.com/rest/api/2/issue/BDS-19346/watchers", "watchCount": 1, "isWatching": false }, "created": "2024-06-10T21:33:52.000+0300", "customfield_12000": null, "customfield_12201": null, "customfield_12600": null, "labels": [], "customfield_11700": "{}", "versions": [ "22255", "22412" ], "issuelinks": [ { "id": "301966", "self": "https://bugs.mojang.com/rest/api/2/issueLink/301966", "type": "10102", "inwardIssue": "560441" }, { "id": "303803", "self": "https://bugs.mojang.com/rest/api/2/issueLink/303803", "type": "10102", "inwardIssue": "562294" } ], "assignee": null, "updated": "2024-08-14T00:55:40.000+0300", "status": "5", "description": "On the windows 10 BDS (this may effect other versions too) a crash can happen when a large amount of empty UDP packets hit the server.\r\n\r\nThe log \"ATTENTION! Received EMPTY UDP packet - potential UDP ports scanning.\" will happen every time an empty UDP packet is sent. This can be exploited to crash the server by just throwing large amounts of empty packets at the server.\r\n\r\n\u00a0\r\n\r\nDetails:\r\n\r\nThe Log message is sent via a printf call which is considered unsafe in the moder world.\r\n\r\nMy guess is to why this happens is that it takes a while to print in general, The packet thread is paused while this happens and a race condition.\r\n\r\nThe location of the call is in RakNetSocket2.cpp in the deps tree of the MCBE codebase (this effects normal clients afaik).\r\n\r\nThe function is \"RakNet::RNS2_Berkley::RecvFromLoopInt\". Only know this due to symbols being in the BDS. So reporting on these bugs may become harder\r\n\r\nFix:\r\n\r\nTo fix this all you have to do is remove this log and it drastically helps. This cant be fully fixed like that but it drops the performance tank that\u00a0 happens when this attack happens.\r\n\r\n\u00a0\r\n\r\nRecreation:\r\n\r\nA simple test is start a BDS instance and make a simple script/app to send as many UDP packets as you can to the server and it should crash quite quickly\r\n\r\n\u00a0\r\n\r\nShowcase:\r\nI will attach below a video of it working and the script used to perform it", "customfield_11100": 2.0, "customfield_11300": null, "customfield_11500": "1250805", "customfield_12503": null, "customfield_12700": "[Briefly describe the bug here]\r\n\r\n*Steps to Reproduce:*\r\n# [Step 1]\r\n# [Step 2]\r\n# [Step 3]\r\n\r\n*Observed Results:*\r\n[Describe what happens]\r\n\r\n*Expected Results:*\r\n[Describe what should happen]\r\n\r\n*Screenshots/Videos attached:* [please attach an image or short video]\r\n\r\n*Notes:*", "customfield_12502": null, "security": { "self": "https://bugs.mojang.com/rest/api/2/securitylevel/10318", "id": "10318", "description": "Private, viewable only by volunteers and up.", "name": "Minecraft - Private" }, "customfield_12504": null, "attachment": [ "576048", "576049" ], "summary": "Empty UDP packets cause server crash", "creator": "JIRAUSER782328", "reporter": "JIRAUSER782328", "customfield_10002": null, "customfield_12501": null, "customfield_12500": null, "customfield_11601": null, "customfield_11600": "0|i2hxa7:", "environment": "Windows Version 10.0.19045 Build 19045", "customfield_11801": null, "customfield_11800": null, "customfield_11602": null, "customfield_11802": null, "comment": { "comments": [ { "self": "https://bugs.mojang.com/rest/api/2/issue/560341/comment/1329984", "id": "1329984", "author": "ocelotonesie", "body": "MEQS_KEEP_PRIVATE", "updateAuthor": "ocelotonesie", "created": "2024-06-10T23:12:21.234+0300", "updated": "2024-06-10T23:12:21.234+0300", "visibility": { "type": "group", "value": "staff" } }, { "self": "https://bugs.mojang.com/rest/api/2/issue/560341/comment/1330222", "id": "1330222", "author": "greymagic27", "body": "Plausible due to explanation of the issue", "updateAuthor": "greymagic27", "created": "2024-06-11T21:31:41.218+0300", "updated": "2024-06-11T21:31:41.218+0300", "visibility": { "type": "group", "value": "helper" } } ], "maxResults": 2, "total": 2, "startAt": 0 }, "votes": { "self": "https://bugs.mojang.com/rest/api/2/issue/BDS-19346/votes", "votes": 0, "hasVoted": false } }, "changelog": { "startAt": 0, "maxResults": 16, "total": 16, "histories": [ { "id": "3013367", "author": "JIRAUSER782328", "created": "2024-06-10T21:34:40.716+0300", "items": [ { "field": "description", "fieldtype": "jira", "from": null, "fromString": "On the windows 10 BDS (this may effect other versions too) a crash can happen when a large amount of empty UDP packets hit the server.\r\n\r\nThe log \"ATTENTION! Received EMPTY UDP packet - potential UDP ports scanning.\" will happen every time an empty UDP packet is sent. This can be exploited to crash the server by just throwing large amounts of empty packets at the server.\r\n\r\n\u00a0\r\n\r\nDetails:\r\n\r\nThe Log message is sent via a printf call which is considered unsafe in the moder world.\r\n\r\nMy guess is to why this happens is that it takes a while to print in general, The packet thread is paused while this happens and a race condition.\r\n\r\nThe location of the call is in RakNetSocket2.cpp in the deps tree of the MCBE codebase (this effects normal clients afaik)\r\n\r\nFix:\r\n\r\nTo fix this all you have to do is remove this log and it drastically helps. This cant be fully fixed like that but it drops the performance tank that\u00a0 happens when this attack happens", "to": null, "toString": "On the windows 10 BDS (this may effect other versions too) a crash can happen when a large amount of empty UDP packets hit the server.\r\n\r\nThe log \"ATTENTION! Received EMPTY UDP packet - potential UDP ports scanning.\" will happen every time an empty UDP packet is sent. This can be exploited to crash the server by just throwing large amounts of empty packets at the server.\r\n\r\n\u00a0\r\n\r\nDetails:\r\n\r\nThe Log message is sent via a printf call which is considered unsafe in the moder world.\r\n\r\nMy guess is to why this happens is that it takes a while to print in general, The packet thread is paused while this happens and a race condition.\r\n\r\nThe location of the call is in RakNetSocket2.cpp in the deps tree of the MCBE codebase (this effects normal clients afaik)\r\n\r\nFix:\r\n\r\nTo fix this all you have to do is remove this log and it drastically helps. This cant be fully fixed like that but it drops the performance tank that\u00a0 happens when this attack happens.\r\n\r\n\u00a0\r\n\r\nRecreation:\r\n\r\nA simple test is start a BDS instance and make a simple script/app to send as many UDP packets as you can to the server and it should crash quite quickly" } ] }, { "id": "3013424", "author": "JIRAUSER782328", "created": "2024-06-10T22:37:14.908+0300", "items": [ { "field": "Attachment", "fieldtype": "jira", "from": null, "fromString": null, "to": "576047", "toString": "ApplicationFrameHost_ymHeHRY1Og.mp4" } ] }, { "id": "3013425", "author": "JIRAUSER782328", "created": "2024-06-10T22:37:20.504+0300", "items": [ { "field": "Attachment", "fieldtype": "jira", "from": "576047", "fromString": "ApplicationFrameHost_ymHeHRY1Og.mp4", "to": null, "toString": null } ] }, { "id": "3013426", "author": "JIRAUSER782328", "created": "2024-06-10T22:37:55.678+0300", "items": [ { "field": "Attachment", "fieldtype": "jira", "from": null, "fromString": null, "to": "576048", "toString": "ApplicationFrameHost_ymHeHRY1Og.mp4" }, { "field": "Attachment", "fieldtype": "jira", "from": null, "fromString": null, "to": "576049", "toString": "crash.py" }, { "field": "description", "fieldtype": "jira", "from": null, "fromString": "On the windows 10 BDS (this may effect other versions too) a crash can happen when a large amount of empty UDP packets hit the server.\r\n\r\nThe log \"ATTENTION! Received EMPTY UDP packet - potential UDP ports scanning.\" will happen every time an empty UDP packet is sent. This can be exploited to crash the server by just throwing large amounts of empty packets at the server.\r\n\r\n\u00a0\r\n\r\nDetails:\r\n\r\nThe Log message is sent via a printf call which is considered unsafe in the moder world.\r\n\r\nMy guess is to why this happens is that it takes a while to print in general, The packet thread is paused while this happens and a race condition.\r\n\r\nThe location of the call is in RakNetSocket2.cpp in the deps tree of the MCBE codebase (this effects normal clients afaik)\r\n\r\nFix:\r\n\r\nTo fix this all you have to do is remove this log and it drastically helps. This cant be fully fixed like that but it drops the performance tank that\u00a0 happens when this attack happens.\r\n\r\n\u00a0\r\n\r\nRecreation:\r\n\r\nA simple test is start a BDS instance and make a simple script/app to send as many UDP packets as you can to the server and it should crash quite quickly", "to": null, "toString": "On the windows 10 BDS (this may effect other versions too) a crash can happen when a large amount of empty UDP packets hit the server.\r\n\r\nThe log \"ATTENTION! Received EMPTY UDP packet - potential UDP ports scanning.\" will happen every time an empty UDP packet is sent. This can be exploited to crash the server by just throwing large amounts of empty packets at the server.\r\n\r\n\u00a0\r\n\r\nDetails:\r\n\r\nThe Log message is sent via a printf call which is considered unsafe in the moder world.\r\n\r\nMy guess is to why this happens is that it takes a while to print in general, The packet thread is paused while this happens and a race condition.\r\n\r\nThe location of the call is in RakNetSocket2.cpp in the deps tree of the MCBE codebase (this effects normal clients afaik)\r\n\r\nFix:\r\n\r\nTo fix this all you have to do is remove this log and it drastically helps. This cant be fully fixed like that but it drops the performance tank that\u00a0 happens when this attack happens.\r\n\r\n\u00a0\r\n\r\nRecreation:\r\n\r\nA simple test is start a BDS instance and make a simple script/app to send as many UDP packets as you can to the server and it should crash quite quickly\r\n\r\n\u00a0\r\n\r\nShowcase:\r\nI will attach below a video of it working and the script used to perform it" } ] }, { "id": "3013436", "author": "ocelotonesie", "created": "2024-06-10T23:12:21.239+0300", "items": [ { "field": "security", "fieldtype": "jira", "from": null, "fromString": null, "to": "10318", "toString": "Minecraft - Private" }, { "field": "status", "fieldtype": "jira", "from": "1", "fromString": "Open", "to": "1", "toString": "Open" } ] }, { "id": "3013500", "author": "JIRAUSER782328", "created": "2024-06-11T01:23:41.149+0300", "items": [ { "field": "description", "fieldtype": "jira", "from": null, "fromString": "On the windows 10 BDS (this may effect other versions too) a crash can happen when a large amount of empty UDP packets hit the server.\r\n\r\nThe log \"ATTENTION! Received EMPTY UDP packet - potential UDP ports scanning.\" will happen every time an empty UDP packet is sent. This can be exploited to crash the server by just throwing large amounts of empty packets at the server.\r\n\r\n\u00a0\r\n\r\nDetails:\r\n\r\nThe Log message is sent via a printf call which is considered unsafe in the moder world.\r\n\r\nMy guess is to why this happens is that it takes a while to print in general, The packet thread is paused while this happens and a race condition.\r\n\r\nThe location of the call is in RakNetSocket2.cpp in the deps tree of the MCBE codebase (this effects normal clients afaik)\r\n\r\nFix:\r\n\r\nTo fix this all you have to do is remove this log and it drastically helps. This cant be fully fixed like that but it drops the performance tank that\u00a0 happens when this attack happens.\r\n\r\n\u00a0\r\n\r\nRecreation:\r\n\r\nA simple test is start a BDS instance and make a simple script/app to send as many UDP packets as you can to the server and it should crash quite quickly\r\n\r\n\u00a0\r\n\r\nShowcase:\r\nI will attach below a video of it working and the script used to perform it", "to": null, "toString": "On the windows 10 BDS (this may effect other versions too) a crash can happen when a large amount of empty UDP packets hit the server.\r\n\r\nThe log \"ATTENTION! Received EMPTY UDP packet - potential UDP ports scanning.\" will happen every time an empty UDP packet is sent. This can be exploited to crash the server by just throwing large amounts of empty packets at the server.\r\n\r\n\u00a0\r\n\r\nDetails:\r\n\r\nThe Log message is sent via a printf call which is considered unsafe in the moder world.\r\n\r\nMy guess is to why this happens is that it takes a while to print in general, The packet thread is paused while this happens and a race condition.\r\n\r\nThe location of the call is in RakNetSocket2.cpp in the deps tree of the MCBE codebase (this effects normal clients afaik).\r\n\r\nThe function is \"RakNet::RNS2_Berkley::RecvFromLoopInt\". Only know this due to symbols being in the BDS. So reporting on these bugs may become harder\r\n\r\nFix:\r\n\r\nTo fix this all you have to do is remove this log and it drastically helps. This cant be fully fixed like that but it drops the performance tank that\u00a0 happens when this attack happens.\r\n\r\n\u00a0\r\n\r\nRecreation:\r\n\r\nA simple test is start a BDS instance and make a simple script/app to send as many UDP packets as you can to the server and it should crash quite quickly\r\n\r\n\u00a0\r\n\r\nShowcase:\r\nI will attach below a video of it working and the script used to perform it" } ] }, { "id": "3014023", "author": "greymagic27", "created": "2024-06-11T21:31:41.225+0300", "items": [ { "field": "Confirmation Status", "fieldtype": "custom", "from": "10300", "fromString": "Unconfirmed", "to": "10301", "toString": "Plausible" }, { "field": "status", "fieldtype": "jira", "from": "1", "fromString": "Open", "to": "1", "toString": "Open" } ] }, { "id": "3014239", "author": "ocelotonesie", "created": "2024-06-12T12:58:52.349+0300", "items": [ { "field": "Link", "fieldtype": "jira", "from": null, "fromString": null, "to": "BDS-19350", "toString": "This issue is duplicated by BDS-19350" } ] }, { "id": "3014241", "author": "ocelotonesie", "created": "2024-06-12T12:59:15.930+0300", "items": [ { "field": "Confirmation Status", "fieldtype": "custom", "from": "10301", "fromString": "Plausible", "to": "10302", "toString": "Community Consensus" }, { "field": "status", "fieldtype": "jira", "from": "1", "fromString": "Open", "to": "1", "toString": "Open" }, { "field": "summary", "fieldtype": "jira", "from": null, "fromString": "Empty UDP packets cause server crash.", "to": null, "toString": "Empty UDP packets cause server crash" } ] }, { "id": "3014315", "author": "weszaj_waw", "created": "2024-06-12T14:36:58.698+0300", "items": [ { "field": "ADO", "fieldtype": "custom", "from": null, "fromString": null, "to": null, "toString": "1250805" }, { "field": "status", "fieldtype": "jira", "from": "1", "fromString": "Open", "to": "1", "toString": "Open" } ] }, { "id": "3014833", "author": "arisabot", "created": "2024-06-13T14:37:01.318+0300", "items": [ { "field": "Linked", "fieldtype": "custom", "from": null, "fromString": "0", "to": null, "toString": "1" }, { "field": "status", "fieldtype": "jira", "from": "1", "fromString": "Open", "to": "1", "toString": "Open" } ] }, { "id": "3033444", "author": "weszaj_waw", "created": "2024-07-10T12:46:46.497+0300", "items": [ { "field": "Link", "fieldtype": "jira", "from": null, "fromString": null, "to": "BDS-19421", "toString": "This issue is duplicated by BDS-19421" } ] }, { "id": "3033446", "author": "arisabot", "created": "2024-07-10T12:46:51.409+0300", "items": [ { "field": "Version", "fieldtype": "jira", "from": null, "fromString": null, "to": "22412", "toString": "1.21.1" } ] }, { "id": "3034042", "author": "arisabot", "created": "2024-07-11T12:46:56.890+0300", "items": [ { "field": "Linked", "fieldtype": "custom", "from": null, "fromString": "1", "to": null, "toString": "2" }, { "field": "status", "fieldtype": "jira", "from": "1", "fromString": "Open", "to": "1", "toString": "Open" } ] }, { "id": "3052818", "author": "greymagic27", "created": "2024-08-12T20:27:55.521+0300", "items": [ { "field": "resolution", "fieldtype": "jira", "from": null, "fromString": null, "to": "1", "toString": "Fixed" }, { "field": "status", "fieldtype": "jira", "from": "1", "fromString": "Open", "to": "5", "toString": "Resolved" } ] }, { "id": "3053656", "author": "jarl-penguin", "created": "2024-08-14T00:55:40.631+0300", "items": [ { "field": "Fix Version", "fieldtype": "jira", "from": null, "fromString": null, "to": "22453", "toString": "1.21.20" }, { "field": "status", "fieldtype": "jira", "from": "5", "fromString": "Resolved", "to": "5", "toString": "Resolved" } ] } ] } }