3DS System Flaws: Difference between revisions
→Hardware: It's because FIRM partitions don't have a MAC. |
Line 611: | Line 611: | ||
! Timeframe this was added to wiki | ! Timeframe this was added to wiki | ||
! Discovered by | ! Discovered by | ||
|- | |||
| [[IR_Services|IR]]: Stack buffer overflow with custom hardware | |||
| Originally IR sysmodule used the read value from the I2C-IR registers TXLVL and RXLVL without validating them at all. See [[10.6.0-31|here]] for the fix. This is the size used for reading the data-recv FIFO, etc. The output buffer for reading is located on the stack. | |||
This should be exploitable if one could successfully setup the custom hardware for this and if the entire intended sizes actually get read from I2C. | |||
| ROP under IR sysmodule. | |||
| [[10.6.0-31|10.6.0-31]] | |||
| | |||
| February 23, 2016 (Unknown if it was noticed before then) | |||
| February 23, 2016 | |||
| [[User:Yellows8|Yellows8]] | |||
|- | |- | ||
| [[NIM_Services|NIM]]: Downloading old title-versions from eShop | | [[NIM_Services|NIM]]: Downloading old title-versions from eShop |
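Review bot: The added IR row states its result cell flatly as "ROP under IR sysmodule", while the description only says it "should be exploitable if" the custom hardware can be set up and the full sizes actually get read from I2C. Suggest marking the result as unconfirmed so the two cells agree. In the description, "This is the size used for reading the data-recv FIFO, etc." has no clear antecedent; say directly that the unvalidated TXLVL/RXLVL value is used as the read length into the stack buffer, and replace "etc." with the other uses or drop it. The link text "here" says nothing about the fix; a short phrase on what 10.6.0-31 changed (for example, whether the value is now bounds-checked against the buffer size) would be more useful to readers. The cell after "[[10.6.0-31|10.6.0-31]]" is left empty; fill it in or mark it as not applicable. Minor: "setup" should be "set up" as a verb.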