漏洞标题
使用xpcall对OpenComputers进行拒绝服务攻击
漏洞描述信息
OpenComputers是一个为Minecraft游戏添加可编程电脑和机器人的模组。用户可以使用OpenComputers让游戏中的Lua虚拟机中的线程陷入僵局,最终导致服务器线程阻塞,需要强制关闭服务器。这可以通过模组中的任何设备实现,且任何能在设备上执行Lua代码的人都可以执行此操作。此问题发生在使用原生Lua库时,LuaJ似乎没有这个问题。此漏洞在版本1.8.4中已修复。GregTech: New Horizons模组包使用了其自定义修改版的OpenComputers,他们在版本1.10.10-GTNH中应用了相关的修复补丁。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
漏洞类别
输入验证不恰当
漏洞标题
OpenComputers Denial of Service using xpcall
漏洞描述信息
OpenComputers is a Minecraft mod that adds programmable computers and robots to the game. A user can use OpenComputers to get a Computer thread stuck in the Lua VM, which eventually blocks the Server thread, requiring the server to be forcibly shut down. This can be accomplished using any device in the mod and can be performed by anyone who can execute Lua code on them. This occurs while using the native Lua library. LuaJ appears to not have this issue. This vulnerability is fixed in 1.8.4. The GregTech: New Horizons modpack uses its own modified version of OpenComputers. They have applied the relevant patch in version 1.10.10-GTNH.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
漏洞类别
不加限制或调节的资源分配
漏洞标题
OpenComputers 安全漏洞
漏洞描述信息
OpenComputers是OpenComputers开源的一个 Minecraft 模组。 OpenComputers 1.8.3及之前版本存在安全漏洞,该漏洞源于使用函数xpcall()时存在拒绝服务(DOS)漏洞。
CVSS信息
N/A
漏洞类别
其他