Changes

796 bytes added, 22:31, 25 April 2016
Line 620: Line 620:  
!  Timeframe this was added to wiki
 
!  Timeframe this was added to wiki
 
!  Discovered by
 
!  Discovered by
 +
|-
 +
| [[MVD_Services|MVD]]: Stack buffer overflow with [[MVDSTD:SetupOutputBuffers]].
 +
| The input total_entries is not validated when initially processing the input entry-list. This fixed-size input entry-list is copied to stack from the command request. The loop for processing this initializes a global table, the converted linearmem->physaddrs used there are also copied to stack(0x8-bytes of physaddrs per entry).
 +
 +
If total_entries is too large, MVD-sysmodule will crash due to reading unmapped memory following the stack(0x10000000). Afterwards if the out-of-bounds total_entries is smaller than that, it will crash due accessing address 0x0, hence this useless.
 +
| MVD-sysmodule crash.
 +
| None
 +
| [[9.0.0-20]]
 +
| April 22, 2016 (Tested on the 25th)
 +
| April 25, 2016
 +
| [[User:Yellows8|Yellows8]]
 
|-
 
|-
 
| [[NWM_Services|NWM]]: Using CTRSDK heap with UDS sharedmem from the user-process.
 
| [[NWM_Services|NWM]]: Using CTRSDK heap with UDS sharedmem from the user-process.
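Review bot: The second paragraph of the added description cell (starting "If total_entries is too large") does not clearly separate its two crash cases: "smaller than that" refers to a threshold that is never stated, "Afterwards" reads like a later step rather than a second case, and "crash due accessing address 0x0, hence this useless" is missing words. If the intended meaning is two ranges of out-of-bounds values, say so directly, for example: "If total_entries is large enough to read past the end of the stack (0x10000000), MVD-sysmodule crashes on the unmapped read. For smaller out-of-bounds values it crashes accessing address 0x0, hence this is useless." The first paragraph also says the entry-list is fixed-size and that total_entries is not validated, but never gives the entry count the list holds. Adding that number would tell readers what bound a check would have to enforce and would make the "too large" and "smaller than that" cases concrete.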