Creative mode server crash exploit
This exploit uses the same concept as the one that was fixed yesterday, but requires creative mode. It causes a stack overflow when parsing entity selector NBT on the server.
The entity selector is now only parsed for players with OP in most places (but not in text component selectors). It is possible for players in creative mode (without OP) to crash a server by creating a malicious item that contains the malicious selector in its block entity data CustomName (which is stored as a string, hence bypassing network decoding limits). The server can then be crashed by placing the item.
I have attached a hotbar save, with a malicious item in the first slot of the first saved hotbar.
To reproduce:
- Use the attached hotbar save
- Join a server and get creative, but no OP
- Load the chest using the hotbar save
- Place the chest somewhere (not in spawn protected chunks lol)
This exploit idea is from haykam, but I am not sure if they reported it. And I don't want to get "Insert y u no report bug meme here." again lol.