Impact
This vulnerability impacts publicly accessible Geyser instances on the affected versions by allowing an attacker to overload Geyser instances under specific circumstances.
Patches
Geyser builds 897 and up have been patched. We urge users to update as soon as possible.
Downloads are available on the official download website: https://geysermc.org/download/
Notes
The fix further introduces a per-address connection limit. By default, it is set to a maximum of 10 connections per address, but it can be increased using the -DGeyser.MaxConnectionsPerAddress system property, e.g. to account for CGNAT use, where more connections per IP could happen.
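To show how a per-address cap of this kind behaves for players who share one CGNAT address, here is an added sketch; it is not Geyser's code. The class and method names are hypothetical, and only the property name and the default of 10 come from this advisory.

```java
import java.net.InetAddress;
import java.util.concurrent.ConcurrentHashMap;

// Illustrative sketch only: class and method names are hypothetical, not Geyser's.
public class PerAddressLimiter {
    // Property name and default of 10 as stated in the advisory; read once at startup.
    private final int max = Integer.getInteger("Geyser.MaxConnectionsPerAddress", 10);
    private final ConcurrentHashMap<InetAddress, Integer> open = new ConcurrentHashMap<>();

    /** Returns true and counts the connection if the address is still under the cap. */
    public boolean tryAcquire(InetAddress addr) {
        boolean[] accepted = {false};
        // compute() is atomic per key, so concurrent connects cannot exceed the cap.
        open.compute(addr, (a, n) -> {
            int current = (n == null) ? 0 : n;
            if (current >= max) {
                return n; // at the cap: reject and leave the count unchanged
            }
            accepted[0] = true;
            return current + 1;
        });
        return accepted[0];
    }

    /** Call when a counted connection closes; the entry is dropped at zero. */
    public void release(InetAddress addr) {
        open.computeIfPresent(addr, (a, n) -> n <= 1 ? null : n - 1);
    }

    public static void main(String[] args) throws Exception {
        PerAddressLimiter limiter = new PerAddressLimiter();
        // Constructed sample: 12 players behind one shared address (documentation range).
        InetAddress shared = InetAddress.getByName("203.0.113.7");
        int accepted = 0;
        for (int i = 0; i < 12; i++) {
            if (limiter.tryAcquire(shared)) {
                accepted++;
            }
        }
        System.out.println("limit=" + limiter.max + " accepted=" + accepted + " of 12");

        // Closing one connection frees a slot for the same address.
        limiter.release(shared);
        System.out.println("after release: " + limiter.tryAcquire(shared));
    }
}
```

Running it once without the property and once with a constructed value such as `-DGeyser.MaxConnectionsPerAddress=32` shows how many of the 12 shared-address connections are admitted in each case.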
Workarounds
There are no known workarounds besides updating Geyser to the latest version.
Response to this vulnerability was supported by the Open Collaboration Project. We would like to thank all maintainers and volunteers who helped support the response.