CrashExploitFixer

This modification eliminates a critical server vulnerability that led to immediate denial of service. Although Mojang partially fixed the issue in Minecraft version 1.21.1, malicious actors can still cause server crashes immediately after connecting to it.

According to current estimates, this vulnerability is present in all game versions starting from 1.14.4!

Which Minecraft versions are at risk?

It has been confirmed that all versions from 1.14.4 to 1.21 inclusive contain this vulnerability. The problem likely appeared as early as snapshot 17w45b for version 1.13.

How difficult is it to exploit this vulnerability?

There's an important nuance here. In version 1.21.1, Mojang fixed two different crash-causing vulnerabilities at once! One became widely known through a YouTube video and requires complex preparation to use. However, the second vulnerability allows any player with server access (without special permissions) to instantly crash it by sending just one malicious data packet!

Transparency and Reliability

We strive for maximum openness and transparency:

• The project is open source and available for review on GitHub
• The modification has minimal size - all fix logic is contained in one small mixin and implements a proven solution from Paper that already successfully works on approximately 100,000 servers
• The mod is already included in many popular modpacks