{"id":2225,"date":"2023-11-09T16:20:07","date_gmt":"2023-11-09T16:20:07","guid":{"rendered":"https:\/\/ultraservers.com\/blog\/?p=2225"},"modified":"2026-02-25T16:45:55","modified_gmt":"2026-02-25T16:45:55","slug":"minecraft-crash-exploit-discovered","status":"publish","type":"post","link":"https:\/\/ultraservers.com\/blog\/minecraft-crash-exploit-discovered\/","title":{"rendered":"Minecraft Crash Exploit Discovered"},"content":{"rendered":"\n<p>At UltraServers, we highly prioritize the security of our clients and their game servers. That is why we have decided to create this blog post. While some of you may already be aware of this, we still want to inform everyone, so proper measures can be taken.<\/p>\n\n\n\n<p>Recently, a critical crash exploit has been discovered that affects every Minecraft version and server software due to a vulnerability in Mojang&#8217;s code. The exploit in question allows a malicious actor to easily crash servers or cause severe lag, and negatively impact the gameplay of those who are playing on your game server. <\/p>\n\n\n\n<p>We want to be very clear, this exploit is in no way or shape linked to our service. However, security and reliability are one of our utmost priorities. We feel a responsibility to inform our clients of matters that could impact their gaming experience while using our services.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">The Exploit<\/h2>\n\n\n\n<p>The exploit is made possible because Mojang is not fully validating certain sanity checks and packets being sent. This means that a malicious actor can spam the server with invalid packets, and effectively overload the server&#8217;s resources. Thus causing extreme lag, which could lead to a server crash.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/ultraservers.com\/docs\/uploads\/images\/gallery\/2023-11\/crash-exploit.png\" alt=\"\"\/><\/figure>\n\n\n\n<p>The console output in the above image shows how the exploit would look on an affected server.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">What Now?<\/h2>\n\n\n\n<p>As previously mentioned, this exploit affects every Minecraft server version and server software. Unless you are using the latest build (1.20.2) of Paper, or any fork of Paper, you are most certainly vulnerable to this exploit.<\/p>\n\n\n\n<p>We decided to publish this blog post in an effort to raise awareness of the issue and provide solutions to ensure our clients are able to continue operating their game servers without interruption. Below, you will find some solutions for different server software.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Paper<\/h3>\n\n\n\n<p>The simplest fix if you are using Paper, or any fork of Paper, is to update your server. The latest build of 1.20.2 includes a patch that will fix the issue. Simply follow <a href=\"https:\/\/docs.ultraservers.com\/minecraft\/server-management\/change-the-minecraft-server-type\" target=\"_blank\" rel=\"noopener nofollow\" title=\"\">this guide<\/a> to update your server using the latest jar of Paper.<\/p>\n\n\n\n<p>If you do not want to update to 1.20.2, and would rather stay on version 1.20.1, there is a <a href=\"https:\/\/github.com\/electronicboy\/Paper\/releases\/tag\/1.20.1-hotfix.1\" target=\"_blank\" rel=\"noopener nofollow\" title=\"\">hotfix<\/a> that you can apply to your server. It is provided by electronicboy, a member of the <a href=\"https:\/\/papermc.io\/team\" target=\"_blank\" rel=\"noopener nofollow\" title=\"\">PaperMC<\/a> development team.<\/p>\n\n\n\n<p>Pufferfish 1.20.1 users who would rather rely on the server software patch are able to join the developer&#8217;s official discord server and download a special build that has the patch added to it located in their announcement channel.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Bukkit\/Spigot\/Paper<\/h3>\n\n\n\n<p>There are multiple options for fixing this exploit. While we believe the following options to be safe, do keep in mind that when downloading plugins from another source it is ideal to check yourself, and make an informed decision. The plugins below are open source, meaning it is possible to compile or at least review the code.<\/p>\n\n\n\n<div id=\"wp-block-themeisle-blocks-icon-list-1bb077fa\" class=\"wp-block-themeisle-blocks-icon-list\">\n<div id=\"wp-block-themeisle-blocks-icon-list-item-4220deac\" class=\"wp-block-themeisle-blocks-icon-list-item\"><i class=\"fas fa-circle wp-block-themeisle-blocks-icon-list-item-icon\"><\/i><p class=\"wp-block-themeisle-blocks-icon-list-item-content\">A plugin called <a href=\"https:\/\/www.spigotmc.org\/resources\/anticrasher.113404\/\" target=\"_blank\" rel=\"noopener nofollow\" title=\"\">Anticrasher<\/a> made by SmashyAlts aka ProgamingDK (<a href=\"https:\/\/bstats.org\/plugin\/bukkit\/AntiPacketCrash\/20218\" target=\"_blank\" rel=\"noopener nofollow\" title=\"\">Bstats<\/a>)<\/p><\/div>\n\n\n\n<div id=\"wp-block-themeisle-blocks-icon-list-item-038b75ea\" class=\"wp-block-themeisle-blocks-icon-list-item\"><i class=\"fas fa-circle wp-block-themeisle-blocks-icon-list-item-icon\"><\/i><p class=\"wp-block-themeisle-blocks-icon-list-item-content\">Using GrimAC a well-known Anticheat plugin that has a crash check for this. You can grab the jar with the patch <a href=\"https:\/\/github.com\/GrimAnticheat\/Grim\/suites\/17912552144\/artifacts\/1028947563\" target=\"_blank\" rel=\"noopener nofollow\" title=\"\">here<\/a>, but it does require a GitHub account to download.<\/p><\/div>\n<\/div>\n\n\n\n<h3 class=\"wp-block-heading\">Fabric\/Forge<\/h3>\n\n\n\n<p>Fabric\/Forge users are able to use a mod known as <a href=\"https:\/\/legacy.curseforge.com\/minecraft\/mc-mods\/fixcontainerslotexploit\" target=\"_blank\" rel=\"noopener nofollow\" title=\"\">FixContainerSlotExploit<\/a> however this only works for servers above 1.16.5 and the source can be found <a href=\"https:\/\/github.com\/Jarva\/FixContainerSlotExploit\" target=\"_blank\" rel=\"noopener nofollow\" title=\"\">here<\/a>.<\/p>\n\n\n\n<p><em>Disclaimer: Please note that although we&#8217;ve taken steps to ensure the safety of the mod, it was created by a third-party developer. We recommend reviewing the mod personally before downloading. The mod&#8217;s open-source code allows you to read or even compile the code, rather than requiring you to use tools to analyze the jar for safety verification.<\/em><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Vanilla<\/h3>\n\n\n\n<p>Unfortunately, you are out of luck. There are no current ways of fixing the exploit if you are running a Vanilla server. If you wish to keep vanilla\/technical mechanics, you can migrate your server to <a href=\"https:\/\/fabricmc.net\/use\/server\/\" target=\"_blank\" rel=\"noopener nofollow\" title=\"\">FabricMC<\/a>.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p>At UltraServers, your peace of mind and satisfaction are of paramount importance. Should you have any questions or concerns, please reach out to us via <a href=\"https:\/\/ultraservers.com\/supporttickets.php\" target=\"_blank\" rel=\"noopener nofollow\" title=\"\">ticket<\/a> or <a href=\"https:\/\/discord.ultraservers.com\" target=\"_blank\" rel=\"noopener nofollow\" title=\"\">Discord server<\/a>. <\/p>\n\n\n\n<p>Be safe and take care!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>At UltraServers, we highly prioritize the security of our clients and their game servers. That is why we have decided to create this blog post. While some of you may already be aware of this, we still want to inform everyone, so proper measures can be taken. Recently, a critical crash exploit has been discovered [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":2228,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_themeisle_gutenberg_block_has_review":false,"footnotes":""},"categories":[25],"tags":[],"aioseo_notices":[],"uagb_featured_image_src":{"full":["https:\/\/ultraservers.com\/blog\/wp-content\/uploads\/2023\/10\/usblog_category_community.jpeg",2048,2048,false],"thumbnail":["https:\/\/ultraservers.com\/blog\/wp-content\/uploads\/2023\/10\/usblog_category_community.jpeg",150,150,false],"medium":["https:\/\/ultraservers.com\/blog\/wp-content\/uploads\/2023\/10\/usblog_category_community.jpeg",300,300,false],"medium_large":["https:\/\/ultraservers.com\/blog\/wp-content\/uploads\/2023\/10\/usblog_category_community.jpeg",768,768,false],"large":["https:\/\/ultraservers.com\/blog\/wp-content\/uploads\/2023\/10\/usblog_category_community.jpeg",1024,1024,false],"1536x1536":["https:\/\/ultraservers.com\/blog\/wp-content\/uploads\/2023\/10\/usblog_category_community.jpeg",1536,1536,false],"2048x2048":["https:\/\/ultraservers.com\/blog\/wp-content\/uploads\/2023\/10\/usblog_category_community.jpeg",2048,2048,false]},"uagb_author_info":{"display_name":"varg","author_link":"https:\/\/ultraservers.com\/blog\/author\/erik\/"},"uagb_comment_info":0,"uagb_excerpt":"At UltraServers, we highly prioritize the security of our clients and their game servers. That is why we have decided to create this blog post. While some of you may already be aware of this, we still want to inform everyone, so proper measures can be taken. Recently, a critical crash exploit has been discovered&hellip;","_links":{"self":[{"href":"https:\/\/ultraservers.com\/blog\/wp-json\/wp\/v2\/posts\/2225"}],"collection":[{"href":"https:\/\/ultraservers.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ultraservers.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ultraservers.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/ultraservers.com\/blog\/wp-json\/wp\/v2\/comments?post=2225"}],"version-history":[{"count":20,"href":"https:\/\/ultraservers.com\/blog\/wp-json\/wp\/v2\/posts\/2225\/revisions"}],"predecessor-version":[{"id":3171,"href":"https:\/\/ultraservers.com\/blog\/wp-json\/wp\/v2\/posts\/2225\/revisions\/3171"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ultraservers.com\/blog\/wp-json\/wp\/v2\/media\/2228"}],"wp:attachment":[{"href":"https:\/\/ultraservers.com\/blog\/wp-json\/wp\/v2\/media?parent=2225"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ultraservers.com\/blog\/wp-json\/wp\/v2\/categories?post=2225"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ultraservers.com\/blog\/wp-json\/wp\/v2\/tags?post=2225"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}