CVE-2021-45383 & CVE-2021-45384

There are several network-layer vulnerabilities in the official server of Minecraft: Bedrock Edition (aka Bedrock Server),which allow attacker to launch a DoS attack.
CVE-2021-45383 is an integer overflow leading to a bound check bypass.
CVE-2021-45384 is a null pointer dereference.
Here are details & PoCs & possible patches for them.

Details

Because both vulnerabilities lie in the network protocol handler,attackers can launch a DoS attack without logining or being in the server player allowlist.
CVE-2021-45383 affects Bedrock Server 1.16.0-1.18.2.03.
CVE-2021-45384 is an old vulnerability and affects 1.14.0-1.18.2.03,earlier versions may be affected as well.
CVE-2021-45383 is caused by ClientCacheBlobStatusPacket::_read (packet deserializer)

//pseudo-code
u32 size1=readUnsignedVarInt();
u32 size2=readUnsignedVarInt();
if (size1+size2>0xfff){ //overflows here
    return false;
}
while(size1--){
    vector1.emplace_back(readVarInt64());
}
while(size2--){
    vector2.emplace_back(readVarInt64());
}

Attackers can choose special size1 and size2 (e.g. 0xffffffff & 0xfff) to bypass the bound check. Large sizes will cause a large loop(blocks the main thread) and allocate much memory (32G+ , may trigger an OOM error).

CVE-2021-45384 is caused by ServerNetworkHandler::handle(DisconnectPacket), which uses the return value of ServerNetworkHandler::_getServerPlayer directly.
Attackers can send a DisconnectPacket over a not properly initialized connection, and trigger a null pointer dereference in ServerNetworkHandler::handle(DisconnectPacket), which leads to a server crash.

PoCs

Disclaimer: PoCs are only excepted to be used for testing whether your server is vulnerable.Providers assume no liability and are not responsible for any misuse or damage caused by these programs. Use at your own risk.
CVE-2021-45384: python replay.py <IP> <Port> dis.dmp
CVE-2021-45383: python replay.py <IP> <Port> overflow.dmp

Patches

Patch for CVE-2021-45384 has been integrated into LiteLoader
You can hook ServerNetworkHandler::handle(DisconnectPacket) and check the result of ServerNetworkHandler::_getServerPlayer. Or simply drop all DisconnectPackets.

Patch for CVE-2021-45383:
You can hook ClientCacheBlobStatusPacket::_read and check the range of size1 & size2 separately.

Details,PoC and patches for CVE-2021-45383 & CVE-2021-45384

Related tags

Overview

CVE-2021-45383 & CVE-2021-45384

Details

PoCs

Patches

Owner

This is a js front-end encryption blasting account and password tools

Sample exploits for Zephyr CVE-2021-3625

Tor Relay availability checker, for using it as a bridge in countries with censorship

The self-hostable proxy tunnel

This tool was created in order to automate some basic OSINT tasks for penetration testing assingments.

Dapunta Multi Brute Force Facebook - Crack Facebook With Login - Free

ShoLister - a tool that collects all available subdomains for specific hostname or organization from Shodan

Apache OFBiz rmi反序列化EXP(CVE-2021-26295)

对naabu的端口扫描结果，调用nmap进行指纹识别

Ingest GreyNoise.io malicious feed for CVE-2021-44228 and apply null routes

Generate your own NFTs and their metadata based on your desired probabilities.

Hammer-DDos - Hammer DDos With Python

This tool ability to analyze software packages of different programming languages that are being or will be used in their codes, providing information that allows them to know in advance if this library complies with processes.

orfipy is a tool written in python/cython to extract ORFs in an extremely and fast and flexible manner

MayorSec DNS Enumeration Tool

Confluence OGNL injection

Exploit for CVE-2017-17562 vulnerability, that allows RCE on GoAhead (< v3.6.5) if the CGI is enabled and a CGI program is dynamically linked.

Python decompiler for Python 1.5-2.4 (for historical archive)

Mass Shortlink Bypass Merupakan Tools Yang Akan Bypass Shortlink Ke Tujuan Asli, Dibuat Dengan Python 3

A Python 3 script that uploads a tasks.pickle file that enables RCE in MotionEye