CrashExploitFixer

This mod fixes a bunch of crash exploits discovered in Minecraft.

Server Management, Optimization, Utility

1.52M downloads
67 followers
Created 2 years ago
Updated 23 days ago

The mod currently patches three different exploits for all affected Minecraft versions, from 1.14.4 to the latest!

Entity Selector NBT Stack Overflow

A stack overflow vulnerability in Minecraft versions 1.14.4 through the latest release at the time of writing allows attackers to crash servers by abusing deeply nested NBT data inside entity selectors, causing recursive parsing in TagParser to exhaust the JVM stack. While Minecraft 1.21.1 prevents unprivileged players from triggering the issue through entity selectors, operators and creative-mode players can still reproduce the crash on unpatched servers. Notably, PaperMC discovered and patched the underlying parser issue months earlier.

Blogpost from haykam: haykam.com

Excessive Network Object Allocation

A denial-of-service vulnerability affecting Minecraft networking allowed authenticated players to crash servers by sending malicious packets that triggered excessive memory allocation during collection deserialization through FriendlyByteBuf.readCollection, FriendlyByteBuf.readMap, or related methods. While the issue was exploitable through a Fabric API packet and likely many modded packets across different loaders, NeoForge and Fabric patched the issue for their most active versions (NeoForge: 1.21.1 and 26.1, Fabric: 1.20.1, 1.21.1, 1.21.11, 26.1, 26.2). CrashExploitFixer patches the issue for all versions of Forge, NeoForge, and Fabric and is compatible with their fixes.

Many thanks to Paul for reporting this in private

Blogpost from NeoForge: neoforged.net
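A general hardening pattern for the length-prefixed collection decoding described above, as an added example that is not CrashExploitFixer's, NeoForge's or Fabric's code. It uses `java.nio.ByteBuffer` in place of `FriendlyByteBuf` so it runs stand-alone; the class name, `MAX_ELEMENTS` and the sample packets are assumptions constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.List;

public class BoundedCollectionReader {
    // Hypothetical cap; real code would pick one per packet field.
    static final int MAX_ELEMENTS = 1024;

    // Minecraft-style VarInt: 7 data bits per byte, high bit set means more bytes follow.
    static int readVarInt(ByteBuffer buf) {
        int value = 0;
        for (int shift = 0; shift < 35; shift += 7) {
            byte b = buf.get();
            value |= (b & 0x7F) << shift;
            if ((b & 0x80) == 0) return value;
        }
        throw new IllegalArgumentException("VarInt too long");
    }

    // Reads a length-prefixed list of ints, validating the claimed length
    // before any allocation is sized from it.
    static List<Integer> readIntList(ByteBuffer buf) {
        int claimed = readVarInt(buf);
        if (claimed < 0 || claimed > MAX_ELEMENTS)
            throw new IllegalArgumentException("claimed length out of range: " + claimed);
        // Each element needs 4 bytes; reject a length the payload cannot back.
        if ((long) claimed * Integer.BYTES > buf.remaining())
            throw new IllegalArgumentException("claimed length exceeds payload");
        List<Integer> out = new ArrayList<>(claimed);
        for (int i = 0; i < claimed; i++) out.add(buf.getInt());
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: length 2, then two big-endian ints.
        ByteBuffer ok = ByteBuffer.wrap(new byte[] {2, 0, 0, 0, 7, 0, 0, 0, 9});
        System.out.println(readIntList(ok));
        // Constructed sample: VarInt claiming 0x7FFFFFFF elements with no payload behind it.
        ByteBuffer bad = ByteBuffer.wrap(
            new byte[] {(byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 0x07});
        try {
            readIntList(bad);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same two checks (an absolute cap and a comparison against the bytes actually remaining) apply to map and nested-collection readers, where the minimum encoded size per entry replaces `Integer.BYTES`.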

Translatable Component Expansion

A denial-of-service vulnerability affecting Minecraft 1.16 through 1.21.4 allowed attackers to craft recursively expanding text components that could inflate into enormous strings during parsing, flattening, or calls such as Component#getString(), leading to severe memory exhaustion and client or server soft-crashes. Newer research showed that specially constructed hover-event payloads could trigger the issue without elevated permissions in vanilla 1.20.5–1.21.4. PaperMC had already protected against this class of exploit for years, while modded environments remain especially vulnerable due to widespread use of FriendlyByteBuf#readComponent() and related component deserialization paths in network packets.

Many thanks to Paul for reporting this in private

Project members

DrexHD

Owner


Technical information

License
GPL-3.0-only
Client side
unsupported
Server side
required
Project ID