Critical flaw in Minecraft's code meant anybody could crash any server
The easily triggerable exploit, which involves flooding the server with infinitely looping requests for information about a specific inventory slot, brings Minecraft to its digital knees and starves the machines of CPU and memory.
Rather alarmingly, it's claimed that the vulnerability was privately revealed to Mojang almost two years ago, and that no action was taken by the developer at the time.
The coder who discovered the flaw, Ammar Askar, said he had made repeated attempts to draw Mojang's attention to the bug, before giving up and taking the drastic measure of publicly revealing it on his blog. Ars Technica has the nitty gritty.
"The version of the game when the vulnerability was reported was 1.6.2, the game is now on version 1.8.3," wrote Askar. "That's right, two major versions and dozens of minor versions and a critical vulnerability that allows you to crash any server, and starve the actual machines of CPU and memory was allowed to exist."
The now publicly available and easily recreatable exploit has finally drawn the attention of Mojang, who have been in touch with Askar and issued a fix.
Posted:
Related Forum: PC Gaming Forum
Source: http://www.pcgamesn.com/minecraft/a-critical-flaw-in-minecrafts-code-meant-anybody-could-crash-any-server
Related Articles
Comments
1989Posted:
XGN they will prolly do nothing about this just like Microsoft getting better protection for their servers
Its not Microsofts problem, Mojang left this to them and now MS are fixing it.
1989Posted:
Rin Not surprised. Minecraft is poorly coded and a joke to gaming.
But still gets a ton of money from all the kids.
EarnPosted:
This bug was out for over 2 years and for what I understand has never happened.. I don't think it was that big off a problem.
ItalianPosted:
Mojang did nothing before when they owned themselves.
Now that Microsoft owns them I see this being fixed as soon as possible.
Sad to see a company truly ignore a HUGE FLAW in their game because "who cares"
Now that Microsoft owns them I see this being fixed as soon as possible.
Sad to see a company truly ignore a HUGE FLAW in their game because "who cares"
PryzelPosted:
Wow, if they had know about it for 2 years and not fixed it it's pretty bad from Mojang.
Latest Downloads
- 01. [EU] CARX DRIFT RACING ONLINE - PROGRESS SAVE 6 SP DUO (CUSA15633)(1)
- 02. Fallout Shelter Modded Save PC(0)
- 03. Remember Me: SaveGame (The Game done 100%)(0)
- 04. The Long Drive: SaveGame (American pickup)(0)
- 05. Goemon's Great Adventure (US / NTSC) - Nintendo 64 Game Save(1)
- 06. The Long Drive: SaveGame (blue VW Beetle)(0)
- 07. Deadly Creatures | Complete Savegame(0)
- 08. Driift Mania | 100% Savegame(0)
- 09. LostWinds: Winter of the Melodias | 100% Savegame(0)
- 10. Lost Winds | 100% Savegame(0)
- 11. Mega Man 10 | Savegame(0)
- 12. Mega Man 9 | Savegame(0)
- 13. LASTFIGHT Secret character unlocked(1)
- 14. PC Horizon Forbidden West Complete Save(13)
- 15. Castlevania: The Adventure ReBirth | 100% Savegame(0)
Latest Tutorials
- 01. The Redress Of Mira 100% Walkthrough | Trophy & Achievement(415)
- 02. Russian Pinocchio Quick Trophy Guide(510)
- 03. Venatrix Quick Trophy & Achievement Guide(470)
- 04. Call of the Sea 100% Platinum Walkthrough(623)
- 05. Wire Lips 100% Platinum Walkthrough(573)
- 06. The Expanse 100% Platinum Walkthrough | Trophy & Achievement(534)
- 07. Doctor Who: The Edge of Reality - PS4 Platinum P/Thru(461)
- 08. Doctor Who:The Lonely Assassins - 100% Guide(437)
- 09. DAYMARE 1998 PS4 - Full game 100% TROPHY WALKTHROUGH(396)
- 10. Stray Platinum Walkthrough | Trophy & Achievement Guide(419)
- 11. Raji: An Ancient Epic | Complete Gameplay Walkthrough(557)
- 12. Corpse Killer: 25th Anniversary Edition - Longplay(510)
- 13. Song of Horror: Complete Edition Gameplay Walkthrough(377)
- 14. Remoteness 100% All Trophies Walkthrough(506)
- 15. Detective Inspector Mysterious Clues Platinum Walkthrough(461)
"Critical flaw in Minecraft's code meant anybody could crash any server" :: Login/Create an Account :: 20 comments