3DS Userland Flaws: Difference between revisions
LiquidFenrir (talk | contribs) |
→Non-system applications: smilehax |
| Line 71: | Line 71: | ||
| May 5, 2016 | | May 5, 2016 | ||
| [[User:Dazzozo|Dazzozo]] | | [[User:Dazzozo|Dazzozo]] | ||
|- | |||
| SmileBASIC 3.x | |||
| Poor parameter validation on "BGSCREEN" command | |||
| The SmileBASIC "BGSCREEN" command's second parameter is not properly validated as being within range. As a result, one can set the screen size to an absurdly large value. This means that the "BGGET" and "BGPUT" commands can then be used on out-of-range values to read and write a significant chunk of the interpreter's address space. | |||
With a series of carefully-designed BGPUT commands, one can build a ROP chain and cause it to be executed. | |||
| None | |||
| App: 3.31. | |||
System: [[11.0.0-33]]. | |||
| July 20, 2016 | |||
| Around June 26, 2016 | |||
| slackerSnail, 12Me12, incvoid | |||
Weaponized by MrNbaYoh and [[User:Plutooo|plutoo]]. | |||
|} | |} | ||
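Review bot: the first cell of the added row says "SmileBASIC 3.x", but the last-checked cell only gives "App: 3.31", so the row does not say which 3.x releases were actually tested; consider naming the tested release in the description or narrowing the first cell. The description also says the second "BGSCREEN" parameter is "not properly validated as being within range" without stating what the valid range is. Adding that would let a reader confirm whether a later app update introduces the check, which matters here because the fixed-in cell is "None". The sentence beginning "With a series of carefully-designed BGPUT commands" starts on its own line inside the cell; if it is meant as a separate paragraph of the description, an explicit break in the wikitext would make that intent clear.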