A security researcher has posted an exploit which could allow a hacker to crash Minecraft servers with ease.
In a blog post published Thursday, Ammar Askar said he informed the game's creator Mojang almost two years ago of the flaw, but was "ignored" or "given highly unsatisfactory responses."
By exploiting a weakness in how the Minecraft server decompresses and parses data, the server will run out of memory under the extreme processor load.
"The fix for this vulnerability isn't exactly that hard," Askar wrote. He suggested, citing his initial communication with Mojang, that "some form of recursion and size limits should be implemented."
But that still hasn't happened, he says. Askar said he found the bug in version 1.6.2, released July 2013, but it still exists two major updates later in version 1.8.3.
Askar posted a proof-of-concept exploit to his GitHub page.
"I don't want to expose thousands of servers to a major vulnerability, yet on the other hand Mojang has failed to act upon it," he wrote. "Mojang is no longer a small indie company making a little indie game, their software is used by thousands of servers, hundreds of thousands people play on servers running their software at any given time."
Microsoft, which last year bought Mojang for $2.5 billion, did not immediately respond to comment.