Minecraft Crash Exploit Discovered

At UltraServers, we highly prioritize the security of our clients and their game servers. That is why we have decided to create this blog post. While some of you may already be aware of this, we still want to inform everyone, so proper measures can be taken.

Recently, a critical crash exploit has been discovered that affects every Minecraft version and server software due to a vulnerability in Mojang’s code. The exploit allows a malicious actor to easily crash servers or cause severe lag, negatively impacting the gameplay of everyone playing on your game server.

We want to be very clear: this exploit is in no way, shape or form linked to our service. However, security and reliability are among our utmost priorities. We feel a responsibility to inform our clients of matters that could impact their gaming experience while using our services.

The Exploit

The exploit is possible because Mojang’s code is missing certain sanity checks and does not fully validate the packets being sent to the server. This means that a malicious actor can spam the server with invalid packets and effectively overload the server’s resources, causing extreme lag that could lead to a server crash.

The console output in the above image shows how the exploit would look on an affected server.

What Now?

As previously mentioned, this exploit affects every Minecraft server version and server software. Unless you are using the latest build (1.20.2) of Paper, or any fork of Paper, you are most certainly vulnerable to this exploit.

We decided to publish this blog post in an effort to raise awareness of the issue and provide solutions to ensure our clients are able to continue operating their game servers without interruption. Below, you will find some solutions for different server software.

Paper

The simplest fix if you are using Paper, or any fork of Paper, is to update your server. The latest build of 1.20.2 includes a patch that will fix the issue. Simply follow this guide to update your server using the latest jar of Paper.

If you do not want to update to 1.20.2, and would rather stay on version 1.20.1, there is a hotfix that you can apply to your server. It is provided by electronicboy, a member of the PaperMC development team.

Pufferfish 1.20.1 users who would rather rely on the server software patch can join the developer’s official Discord server and download a special build with the patch added. It is located in their announcement channel.

Bukkit/Spigot/Paper

There are multiple options for fixing this exploit. While we believe the following options to be safe, keep in mind that when downloading plugins from another source it is best to check them yourself and make an informed decision. The plugins below are open source, meaning it is possible to compile or at least review the code.

A plugin called Anticrasher made by SmashyAlts aka ProgamingDK (Bstats)

Using GrimAC, a well-known anticheat plugin that has a crash check for this. You can grab the jar with the patch here, but it does require a GitHub account to download.

Fabric/Forge

Fabric/Forge users are able to use a mod known as FixContainerSlotExploit; however, this only works for servers above 1.16.5. The source can be found here.

Disclaimer: Please note that although we’ve taken steps to ensure the safety of the mod, it was created by a third-party developer. We recommend reviewing the mod personally before downloading. The mod’s open-source code allows you to read or even compile the code, rather than requiring you to use tools to analyze the jar for safety verification.

Vanilla

Unfortunately, you are out of luck. There are no current ways of fixing the exploit if you are running a Vanilla server. If you wish to keep vanilla/technical mechanics, you can migrate your server to FabricMC.

Conclusion

At UltraServers, your peace of mind and satisfaction are of paramount importance. Should you have any questions or concerns, please reach out to us via ticket or Discord server.

Be safe and take care!

