Critical flaw in Minecraft's code meant anybody could crash any server

4.6
A developer has exposed a vulnerability in Minecraft's code that can crash any server hosting the game.

The easily triggerable exploit, which involves flooding the server with infinitely looping requests for information about a specific inventory slot, brings Minecraft to its digital knees and starves the machines of CPU and memory.

Rather alarmingly, it's claimed that the vulnerability was privately revealed to Mojang almost two years ago, and that no action was taken by the developer at the time.

The coder who discovered the flaw, Ammar Askar, said he had made repeated attempts to draw Mojang's attention to the bug, before giving up and taking the drastic measure of publicly revealing it on his blog. Ars Technica has the nitty gritty.

"The version of the game when the vulnerability was reported was 1.6.2, the game is now on version 1.8.3," wrote Askar. "That's right, two major versions and dozens of minor versions and a critical vulnerability that allows you to crash any server, and starve the actual machines of CPU and memory was allowed to exist."

The now publicly available and easily recreatable exploit has finally drawn the attention of Mojang, who have been in touch with Askar and issued a fix.

Posted:
Related Forum: PC Gaming Forum

Source: http://www.pcgamesn.com/minecraft/a-critical-flaw-in-minecrafts-code-meant-anybody-could-crash-any-server

Related Articles

Comments

"Critical flaw in Minecraft's code meant anybody could crash any server" :: Login/Create an Account :: 20 comments

If you would like to post a comment please signin to your account or register for an account.

JRMHPosted:

Unless it actually takes money out of their pockets, they won't do anything about it. Ridiculous.
I kinda wish I knew about this beforehand though, would love to go onto corrupt servers and do it. Lol.

eSportsPosted:

is this a know thing that could ruin minecraft... i hope it gets better

DeluxeHazardPosted:

This is one thing that is so annoying about big companies. They learn about huge exploits or issues in their servers and do nothing about it. It will sooner or later affect their customers and they will be incredibly pissed off at the company for them not doing anything about it earlier to prevent the issue.

RareparrotPosted:

yeah ikr
thats not really cool

MickersPosted:

Known for so long and still not been fixed? WHY?

VauxhallPosted:

This needs to e fixed also he better get charged

DankStorm-Posted:

Wow I guess this sucks need to fix :/

FeetPosted:

Why have they still not fixed this yet?

21Posted:

That's ridiculous how long they knew about the issue and done nothing to fix it.

SkittlePosted:

This reminds me of the russian coder who found out how to delete any video from YouTube, I am surprised that Mojang did nothing to fix this!


Latest Downloads

Latest Tutorials