A vulnerability in the FiveM FXServer remote console code could allow an unauthenticated remote attacker to cause a C++ exception, resulting in a denial of service (DoS) condition.
This vulnerability is caused by an oversight in network packet parsing, and can be triggered by sending specially crafted UDP packets to any FiveM game server.
We have addressed this vulnerability in server releases starting at build 957 for Windows, however the corresponding Linux build is non-functional due to an unrelated bug - we’re working on a hotfix release in the
feature/one-off-server-hotfix branch, and this post will be updated when it is available. You can tell what version you’re running by either:
https://host:port/info.jsonand checking the
- Running the
versioncommand in the server (remote) console.
Attackers are currently using this vulnerability in the wild, so it is practically required to upgrade your server instances to this version or higher (if available).
As a mitigation for Linux, if you do not rely on remote console commands, you can use the following
iptables command to block input remote console packets:
iptables -A INPUT -m string --algo bm --hex-string "|ffffffff72636f6e|" -j DROP
CVSS score: 7.5 (High)