FiveM Security Advisory - 2018-12-13

A vulnerability in the FiveM FXServer resource handling code could allow a remote attacker to cause a C++ exception, resulting in a denial of service (DoS) condition.

This vulnerability is caused by a off-by-one error in network packet parsing, and can be triggered by sending specially crafted UDP packets to an existing FiveM game connection.

We have addressed this vulnerability in server releases starting at build 923. You can tell what version you’re running by either:

  • Accessing https://host:port/info.json and checking the server field.
  • Running the version command in the server (remote) console.

We are currently aware of attackers using this vulnerability in the wild, so it is strongly recommended to upgrade your server instances to this version or higher (if available).

CVSS score: 6.5 (Medium)