LAN game discovering can cause game crash through exploiting

LAN game discovering has a issue that can make the games on all machines in the LAN crash. Affected Minecraft versions are all versions from 1.7.2 to the latest.

The attacker just need to send a lot of IGMP packets with a specific format to 224.0.2.60:4445, then the games will crash when players open the Multiplayer GUI. It affects all machines in the LAN.

This issue is caused by the incorrect usage of ArrayList in LAN game discovering. LAN game discovering runs on another thread apart from the main thread of Minecraft. But it puts discovered servers in an instance of ArrayList which is not thread-safe and has no extra protection. And in the logic of the Multiplayer GUI, it traverses all discovered LAN servers in the list using the enhanced for loop, which is based on iterators. So it will cause ConcurrentModificationException if some new LAN games are discovered during the traversal process, which will make the game crash. Interestingly, the lower version does not have this issue because they traverses all discovered LAN servers in the list by getting the elements in the list one by one.

To exploit this issue, as I have mentioned it above, you just need to send a lot of IGMP packets with a specific format to 224.0.2.60:4445. Exactly, the format is "[MOTD](something)[/MOTD][AD](something which is unique for each packet)[/AD]".

My friends and I made a program which can be used to recurrent this issue. You just need to open it, launch Minecraft, and open the Multiplayer GUI. I've put it into the attachments with a gif showing its effect. Pardon me with not using 1.17.1 because I cannot run Minecraft 1.17 or higher on my machine when I use Windows, but it's confirmed by my friend that it works on 1.17.1.