[BDS-15528] Please fix CVE-2021-45383 & CVE-2021-45384

This vulnerability has existed in many versions. After reverse-engineering the BDS, it is found that disconnectPacket lacks ServerPlayer's judgment.There may have been many attackers targeting this vulnerability. I can send a disconnectPacket to bds, causing bds to crash.Hope mojang can pay attention and fix it.This bug may involve realms.

ServerNetworkHandler::handle(NetworkIdentifier const &,DisconnectPacket const &)

ServerNetworkHandler::handle(NetworkIdentifier const &,LevelSoundEventPacketV2 const &) and so on.

This is the fix plan of the community

https://github.com/LiteLDev/LiteLoaderBDS/blob/main/LiteLoader/Main/BuiltinBugFix.cpp

CVE-2021-45383 & CVE-2021-45384

https://github.com/nt1dr/CVE-2021-45383

Linked Issues

is duplicated by4

BDS-11598a disconnet crash bugDuplicate

BDS-16701Network-layer Vulnerabilities - Bad data packet cause BDS to crashDuplicate

BDS-16752Several network layer vulnerabilities exist that seriously harm the security of the BDS serverDuplicate

MCPE-150816Security vulnerability: NULL pointer dereference in ServerNetworkHandler::handle(DisconnectPacket)Duplicate

Attachments3

CRASHBDS.zip

rbw

2021-10-03, 02:43:33 PM

image-2021-10-03-19-16-59-263.png

qingqingni

2021-10-03, 02:17:01 PM

SHIG`~0DVVFX`KLDNZ3_1EH.png

qingqingni

2021-10-03, 02:16:49 PM

Comments4

rbw 2021-10-03, 02:44:42 PM

This is a tool that uses this vulnerability to crash BDS, written by testers.

CRASHBDS.zip

^{At the same time, I hope that Mojang can provide more detailed PDB files in the next version so that we can better evaluate and analyze bugs.}

Jasonzyt 2021-10-03, 02:45:15 PM

Please fix it. There is a organization named nhackers,used to attack BDServers by this bug

[Mod] OcelotOnesie 2021-10-03, 03:44:18 PM

Restricted to staff

MEQS_KEEP_PRIVATE

ekuznets 2022-06-20, 09:11:26 PM

This ticket won't cover all of the exploits that are reported in ~~BDS-16752~~. Maybe it is worth reopening so we can keep track of other vulnerabilities out there.
Only the disconnect bug will be targeted here.

History33

[Bot] Arisa 2021-10-03, 02:22:18 PM

Changed description:

This vulnerability has existed in many versions. After reverse-engineering the BDS, it is found that disconnectPacket lacks ServerPlayer's judgment.There may have been many attackers targeting this vulnerability. Hope mojang can pay attention and fix it.This bug may involve realms.

ServerNetworkHandler::handle(NetworkIdentifier const &,DisconnectPacket const &)

ServerNetworkHandler::handle(NetworkIdentifier const &,LevelSoundEventPacketV2 const &) and so on.

This vulnerability has existed in many versions. After reverse-engineering the BDS, it is found that disconnectPacket lacks ServerPlayer's judgment.There may have been many attackers targeting this vulnerability. Hope mojang can pay attention and fix it.This bug may involve realms.

ServerNetworkHandler::handle(NetworkIdentifier const &,DisconnectPacket const &)

ServerNetworkHandler::handle(NetworkIdentifier const &,LevelSoundEventPacketV2 const &) and so on.

qingqingni 2021-10-03, 02:22:49 PM

Changed description:

This vulnerability has existed in many versions. After reverse-engineering the BDS, it is found that disconnectPacket lacks ServerPlayer's judgment.There may have been many attackers targeting this vulnerability. Hope mojang can pay attention and fix it.This bug may involve realms.

ServerNetworkHandler::handle(NetworkIdentifier const &,DisconnectPacket const &)

ServerNetworkHandler::handle(NetworkIdentifier const &,LevelSoundEventPacketV2 const &) and so on.

This vulnerability has existed in many versions. After reverse-engineering the BDS, it is found that disconnectPacket lacks ServerPlayer's judgment.There may have been many attackers targeting this vulnerability. Hope mojang can pay attention and fix it.This bug may involve realms.

ServerNetworkHandler::handle(NetworkIdentifier const &,DisconnectPacket const &)

ServerNetworkHandler::handle(NetworkIdentifier const &,LevelSoundEventPacketV2 const &) and so on.

qingqingni 2021-10-03, 02:23:01 PM

Added attachment: SHIG`~0DVVFX`KLDNZ3_1EH-1.png

qingqingni 2021-10-03, 02:23:18 PM

Changed description:

This vulnerability has existed in many versions. After reverse-engineering the BDS, it is found that disconnectPacket lacks ServerPlayer's judgment.There may have been many attackers targeting this vulnerability. Hope mojang can pay attention and fix it.This bug may involve realms.

ServerNetworkHandler::handle(NetworkIdentifier const &,DisconnectPacket const &)

ServerNetworkHandler::handle(NetworkIdentifier const &,LevelSoundEventPacketV2 const &) and so on.

qingqingni 2021-10-03, 02:23:21 PM

Removed attachment: SHIG`~0DVVFX`KLDNZ3_1EH-1.png

qingqingni 2021-10-03, 02:23:37 PM

Changed description:

This vulnerability has existed in many versions. After reverse-engineering the BDS, it is found that disconnectPacket lacks ServerPlayer's judgment.There may have been many attackers targeting this vulnerability. Hope mojang can pay attention and fix it.This bug may involve realms.

ServerNetworkHandler::handle(NetworkIdentifier const &,DisconnectPacket const &)

ServerNetworkHandler::handle(NetworkIdentifier const &,LevelSoundEventPacketV2 const &) and so on.

This vulnerability has existed in many versions. After reverse-engineering the BDS, it is found that disconnectPacket lacks ServerPlayer's judgment.There may have been many attackers targeting this vulnerability. Hope mojang can pay attention and fix it.This bug may involve realms.

ServerNetworkHandler::handle(NetworkIdentifier const &,DisconnectPacket const &)

ServerNetworkHandler::handle(NetworkIdentifier const &,LevelSoundEventPacketV2 const &) and so on.

qingqingni 2021-10-03, 02:25:06 PM

Changed description:

ServerNetworkHandler::handle(NetworkIdentifier const &,DisconnectPacket const &)

ServerNetworkHandler::handle(NetworkIdentifier const &,LevelSoundEventPacketV2 const &) and so on.

qingqingni 2021-10-03, 02:29:13 PM

Changed description:

ServerNetworkHandler::handle(NetworkIdentifier const &,DisconnectPacket const &)

ServerNetworkHandler::handle(NetworkIdentifier const &,LevelSoundEventPacketV2 const &) and so on.

This is the fix plan of the community

LiteLoaderBDS/BugFix.cpp at master · LiteLDev/LiteLoaderBDS (github.com)

rbw 2021-10-03, 02:43:33 PM

Added attachment:

CRASHBDS.zip

[Mod] OcelotOnesie 2021-10-03, 03:44:18 PM

Added Security Level: Minecraft - Private

Maciej Piornik 2021-10-07, 12:29:16 PM

Added is duplicated by link:
BDS-11598a disconnet crash bugDuplicate

[Bot] Arisa 2021-10-07, 12:29:22 PM

Added affects versions: 1.16.200 1.16.201 Hotfix

qingqingni 2021-10-07, 05:00:11 PM

Added affects versions: 1.17.34

qingqingni 2021-10-20, 05:40:51 PM

Added affects versions: 1.17.40

qingqingni 2021-12-06, 01:35:37 PM

Added affects versions: 1.18.0

qingqingni 2021-12-29, 06:42:29 PM

Added affects versions: 1.18.2 Hotfix

Maciej Piornik 2022-01-12, 04:11:32 PM

Added is duplicated by link:
BDS-16701Network-layer Vulnerabilities - Bad data packet cause BDS to crashDuplicate

qingqingni 2022-01-12, 04:27:30 PM

Changed description:

ServerNetworkHandler::handle(NetworkIdentifier const &,DisconnectPacket const &)

ServerNetworkHandler::handle(NetworkIdentifier const &,LevelSoundEventPacketV2 const &) and so on.

This is the fix plan of the community

LiteLoaderBDS/BugFix.cpp at master · LiteLDev/LiteLoaderBDS (github.com)

ServerNetworkHandler::handle(NetworkIdentifier const &,DisconnectPacket const &)

ServerNetworkHandler::handle(NetworkIdentifier const &,LevelSoundEventPacketV2 const &) and so on.

This is the fix plan of the community

https://github.com/LiteLDev/LiteLoaderBDS/blob/main/LiteLoader/Main/BuiltinBugFix.cpp

CVE-2021-45383 & CVE-2021-45384

https://github.com/nt1dr/CVE-2021-45383

qingqingni 2022-01-12, 04:27:51 PM

Changed summary:

Please fix DisconnectPacket Bugs Please fix CVE-2021-45383 & CVE-2021-45384

Maciej Piornik 2022-01-13, 03:28:58 PM

Added is duplicated by link:
MCPE-150816Security vulnerability: NULL pointer dereference in ServerNetworkHandler::handle(DisconnectPacket)Duplicate

qingqingni 2022-02-09, 04:58:02 PM

Added affects versions: 1.18.10

qingqingni 2022-02-09, 04:58:57 PM

Deleted comment:

yeah

Maciej Piornik 2022-02-16, 02:50:36 PM

Added is duplicated by link:
BDS-16752Several network layer vulnerabilities exist that seriously harm the security of the BDS serverDuplicate

qingqingni 2022-02-24, 12:10:34 PM

Added affects versions: 1.18.12 Hotfix

qingqingni 2022-04-22, 06:30:15 PM

Added affects versions: 1.18.30

qingqingni 2022-06-28, 05:28:16 PM

Added affects versions: 1.19.2 Hotfix 1.19.0

qingqingni 2022-07-08, 07:02:58 AM

Deleted comment:

As far as I can see, there are many more deserialization vulnerabilities that exist in bds

For example, CVE-2022-23884,CVE-2022-28535,CVE-2022-28536

These are the typical ones, and there are many similar to them

qingqingni 2022-07-17, 08:23:49 PM

Added affects versions: 1.19.10

[Mod] Greymagic27 2024-01-03, 07:18:16 PM

Resolution: Unresolved → Fixed