BDS-16701

Network-layer Vulnerabilities - Bad data packet cause BDS to crash

There are several network-layer vulnerabilities in the official server of Minecraft: Bedrock Edition (aka Bedrock Server),which allow attacker to launch a DoS attack.
CVE-2021-45383 is an integer overflow leading to a bound check bypass.
CVE-2021-45384 is a null pointer dereference.
Here are details & PoCs & possible patches for them.
https://github.com/nt1dr/CVE-2021-45383

Linked Issues

duplicates1

BDS-15528Please fix CVE-2021-45383 & CVE-2021-45384Fixed

Comments2

Maciej Piornik 2022-01-12, 04:11:32 PM

Thank you for your report!
We're tracking this issue in ~~BDS-15528~~, so this ticket is being resolved and linked as a duplicate.

If you would like to add a vote and any extra information to the main ticket it would be appreciated.

If you haven't already, you might like to make use of the search feature to see if the issue has already been mentioned.

Quick Links:
📓 Bug Tracker Guidelines – 📧 Mojang Support
📓 Project Summary – ✍️ Feedback and Suggestions – 📖 BDS Wiki – 📖 FAQs

[Bot] Arisa 2022-01-12, 04:11:43 PM

Restricted to staff

MEQS_KEEP_PRIVATE

History3

Maciej Piornik 2022-01-12, 04:11:32 PM

Added duplicates link:
BDS-15528Please fix CVE-2021-45383 & CVE-2021-45384Fixed

Maciej Piornik 2022-01-12, 04:11:32 PM

Resolution: Unresolved → Duplicate

[Bot] Arisa 2022-01-12, 04:11:42 PM

Added Security Level: Minecraft - Private

Status:

Reporter:

Created:

2022-01-12, 03:58:01 PM

Updated:

2022-01-12, 04:11:43 PM

Resolved:

2022-01-12, 04:11:32 PM

Votes:

2

Watchers:

2

Confirmation Status:

Labels:

Affects Versions:

Fix Versions:

Links: