
Fixed server freezing vulnerability in multiple packets

Open Gewinum opened this issue 1 year ago • 11 comments

There is even a plugin called AntiBadPackets about it, but I think some of these vulns are better to be handled here

Gewinum avatar Jul 03 '24 08:07 Gewinum

The issue is that these are arbitrary values. Ideally, Mojang themselves would put maximum values on these.

dries-c avatar Jul 03 '24 08:07 dries-c

The issue is that these are arbitrary values. Ideally, Mojang themselves would put maximum values on these.

what do you suggest then? I'm often seeing servers affected by attack

Gewinum avatar Jul 03 '24 08:07 Gewinum

The issue is that these are arbitrary values. Ideally, Mojang themselves would put maximum values on these.

what if we just increase all of them to 500 or 1000?

Gewinum avatar Jul 03 '24 08:07 Gewinum

In the absence of a maximum value defined by Mojang, we can't set a maximum value ourselves.

ShockedPlot7560 avatar Jul 03 '24 08:07 ShockedPlot7560

In the absence of a maximum value defined by Mojang, we can't set a maximum value ourselves.

maybe you can attempt to discuss that with them? I'm basically freezing the server simply by sending a million entries in textpacket

Gewinum avatar Jul 03 '24 08:07 Gewinum

In the future, please send vulnerability patches to us privately via [email protected] instead of a public pull request.

SOF3 avatar Jul 03 '24 09:07 SOF3

maybe you can attempt to discuss that with them?

imagine thinking that'd work

dktapps avatar Jul 14 '24 18:07 dktapps

maybe you can attempt to discuss that with them?

imagine thinking that'd work

whole purpose of Mojang is to "improve security" and that would be really bad of them to refuse to fix a vulnerability that affects BDS

Gewinum avatar Jul 14 '24 18:07 Gewinum

maybe you can attempt to discuss that with them?

imagine thinking that'd work

whole purpose of Mojang is to "improve security" and that would be really bad of them to refuse to fix a vulnerability that affects BDS

they've known about it for years already

dktapps avatar Jul 15 '24 09:07 dktapps

My suggestion is to set the value high enough so that there can be no problems, but low enough to avoid this kind of attack, and I would like to point out that you have forgotten a huge number of packets @Gewinum

Zwuiix-cmd avatar Aug 14 '24 04:08 Zwuiix-cmd

My suggestion is to set the value high enough so that there can be no problems, but low enough to avoid this kind of attack, and I would like to point out that you have forgotten a huge number of packets @Gewinum

no point in going on with the PR, they say Mojang has no limit so PM won't have too. the best choice is to limit via proxy. as for other packets, I wanted to check if I could fix annoying textpacket vulnerability first, cause it's the most op

Gewinum avatar Aug 14 '24 06:08 Gewinum
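
The count cap debated in this thread, as an added example that is not part of the thread or of BedrockProtocol's code: a decoder that checks a declared entry count before looping over it. It assumes the list is an unsigned varint count followed by varint-length-prefixed strings; the function names and both limits are hypothetical.

```php
<?php
// Added example; names and limits are hypothetical, not BedrockProtocol's API.
const MAX_LIST_ENTRIES = 1000; // arbitrary cap, the upper figure floated in the thread
const MAX_ENTRY_BYTES  = 4096; // assumed per-string cap

/** Reads an unsigned LEB128 varint (at most 5 bytes) and advances $offset. */
function readUnsignedVarInt(string $buf, int &$offset): int {
    $value = 0;
    for ($shift = 0; $shift <= 28 && isset($buf[$offset]); $shift += 7) {
        $byte = ord($buf[$offset++]);
        $value |= ($byte & 0x7f) << $shift;
        if (($byte & 0x80) === 0) {
            return $value;
        }
    }
    throw new UnexpectedValueException("truncated or over-long varint");
}

/** Decodes count + (length, bytes)* and rejects oversized counts before looping. */
function readBoundedStringList(string $buf, int &$offset): array {
    $count = readUnsignedVarInt($buf, $offset);
    // Each entry needs at least one length byte, so a valid count never exceeds the bytes left.
    if ($count > MAX_LIST_ENTRIES || $count > strlen($buf) - $offset) {
        throw new UnexpectedValueException("declared $count entries, rejected");
    }
    $out = [];
    for ($i = 0; $i < $count; $i++) {
        $len = readUnsignedVarInt($buf, $offset);
        if ($len > MAX_ENTRY_BYTES || $len > strlen($buf) - $offset) {
            throw new UnexpectedValueException("entry $i declares $len bytes, rejected");
        }
        $out[] = substr($buf, $offset, $len);
        $offset += $len;
    }
    return $out;
}

// Constructed inputs: a well-formed two-entry list, and a header declaring 1,000,000 entries.
$ok  = "\x02" . "\x02hi" . "\x03abc";
$bad = "\xc0\x84\x3d";
foreach ([$ok, $bad] as $buf) {
    $pos = 0;
    try {
        var_dump(readBoundedStringList($buf, $pos));
    } catch (UnexpectedValueException $e) {
        echo "dropped: ", $e->getMessage(), "\n";
    }
}
```

The remaining-bytes comparison needs no protocol-defined maximum, but only the fixed cap bounds a list whose entries are actually present in the packet.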
