Impact
This vulnerability impacts publicly accessible software depending on the affected versions of Network and allows an attacker to use Network as an amplification vector for a UDP denial of service attack against a third party or as an attempt to trigger service suspension of the host.
Patches
All consumers of the library should upgrade to at least version 1.0.0.CR1-20240330.101522-15
Geyser Users: Geyser relies on this library and the latest builds (Build #478+) contains the fix.
Workarounds
There are no known workarounds beyond updating the library.
References
Questions or comments about this advisory can be addressed in the Cloudburst Discord #protocol channel.
Response to this vulnerability was part supported and funded by CubeCraft as part of it's Open Collaboration Project. We would like to thank all maintainers and volunteers who helped support the response.
Impact
This vulnerability impacts publicly accessible software depending on the affected versions of Network and allows an attacker to use Network as an amplification vector for a UDP denial of service attack against a third party or as an attempt to trigger service suspension of the host.
Patches
All consumers of the library should upgrade to at least version
1.0.0.CR1-20240330.101522-15Geyser Users: Geyser relies on this library and the latest builds (Build #478+) contains the fix.
Workarounds
There are no known workarounds beyond updating the library.
References
Questions or comments about this advisory can be addressed in the Cloudburst Discord #protocol channel.
Response to this vulnerability was part supported and funded by CubeCraft as part of it's Open Collaboration Project. We would like to thank all maintainers and volunteers who helped support the response.