Changes

1,453 bytes added, 17:51, 3 August 2015
Line 452: Line 452:  
!  Last system-module system-version this flaw was checked for
 
!  Last system-module system-version this flaw was checked for
 
!  Timeframe this was discovered
 
!  Timeframe this was discovered
 +
!  Timeframe this was added to wiki
 
!  Discovered by
 
!  Discovered by
 
|-
 
|-
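Review bot: the new header cell "Timeframe this was added to wiki" is inserted between "Timeframe this was discovered" and "Discovered by", so every existing row of the table needs its new (empty) cell at exactly that position, after the timeframe cell and before the discoverer cell; the other hunks in this change should be checked against that ordering so the column count and alignment stay consistent with this header.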
Line 460: Line 461:  
| [[9.5.0-22]]
 
| [[9.5.0-22]]
 
| March 2015
 
| March 2015
 +
|
 
| plutoo
 
| plutoo
 
|-
 
|-
Line 471: Line 473:  
| New3DS: [[9.5.0-22]]
 
| New3DS: [[9.5.0-22]]
 
| December 2014?
 
| December 2014?
 +
|
 
| [[User:Yellows8|Yellows8]]
 
| [[User:Yellows8|Yellows8]]
 
|-
 
|-
Line 479: Line 482:  
| [[9.7.0-25|9.7.0-X]]
 
| [[9.7.0-25|9.7.0-X]]
 
| December 2014
 
| December 2014
 +
|
 +
| [[User:Yellows8|Yellows8]]
 +
|-
 +
| [[NWMUDS:DecryptBeaconData]] heap buffer overflow
 +
| input_size = 0x1E * <value the u8 from input_[[NWM_Services|networkstruct]]+0x1D>. Then input_tag0 is copied to a heap buffer. When input_size is larger than 0xFA-bytes, it will then copy input_tag1 to <end_address_of_previous_outbuf>, with size=input_size-0xFA.
 +
 +
This can be triggered by either using this command directly, or by boadcasting a wifi beacon which triggers it while a 3DS system running the target process is in range, when the process is scanning for hosts to connect to. Processes will only pass tag data to this command when the wlancommID and other thing(s) match the values for the process.
 +
 +
There's no known way to actually exploit this for getting ROP under NWM-module, at the time of originally adding this to the wiki. This is because the data which gets copied out-of-bounds *and* actually causes crash(es), can't be controlled it seems(with just broadcasting a beacon at least). It's unknown whether this could be exploited from just using NWMUDS service-cmd(s) directly.
 +
| Without any actual way to exploit this: NWM-module DoS, resulting in process termination(process crash). This breaks *everything* involving wifi comms, a reboot is required to recover from this.
 +
| None
 +
| [[9.0.0-20]]
 +
| ~September 23, 2014(see the [[NWMUDS:DecryptBeaconData]] page history)
 +
| August 3, 2015
 
| [[User:Yellows8|Yellows8]]
 
| [[User:Yellows8|Yellows8]]
 
|-
 
|-
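Review bot: the new row's description leaves the trigger condition underspecified and has a typo; "boadcasting a wifi beacon" should read "broadcasting a wifi beacon", and "when the wlancommID and other thing(s) match the values for the process" should either name the other matched fields or state plainly that they are not yet documented. The overflow condition would also read more clearly if the size of the heap buffer were stated explicitly rather than only implied by "When input_size is larger than 0xFA-bytes ... size=input_size-0xFA". Minor: the timeframe cell "~September 23, 2014(see the ... page history)" is missing a space before the parenthesis.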
Line 487: Line 504:  
| [[9.3.0-21]]
 
| [[9.3.0-21]]
 
| 2014?
 
| 2014?
 +
|
 
| [[User:Yellows8|Yellows8]]
 
| [[User:Yellows8|Yellows8]]
 
|-
 
|-
Line 497: Line 515:  
| [[9.6.0-24|9.6.0-X]]
 
| [[9.6.0-24|9.6.0-X]]
 
| Early 2014
 
| Early 2014
 +
|
 
| smea, [[User:Yellows8|Yellows8]]/others before then
 
| smea, [[User:Yellows8|Yellows8]]/others before then
 
|-
 
|-
Line 506: Line 525:  
| [[9.3.0-21]]
 
| [[9.3.0-21]]
 
| [[9.4.0-21]]
 
| [[9.4.0-21]]
 +
|
 
|  
 
|  
 
| smea, plutoo joint effort
 
| smea, plutoo joint effort
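Review bot: in this hunk the new empty cell is inserted directly after "[[9.4.0-21]]" and before two existing blank cells, whereas in the other rows of this change it follows the "Timeframe this was discovered" cell and precedes "Discovered by". Because the surrounding cells are all blank the rendered table will look the same, but the row should be checked to confirm it has the same number of cells as the header and that the blank cell in the "added to wiki" column is the one intended for it.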
Line 516: Line 536:  
| [[9.8.0-25|9.8.0-X]]
 
| [[9.8.0-25|9.8.0-X]]
 
| June(?) 2014
 
| June(?) 2014
 +
|
 
| [[User:Yellows8|Yellows8]]
 
| [[User:Yellows8|Yellows8]]
 
|-
 
|-
Line 525: Line 546:  
| [[9.0.0-20]]
 
| [[9.0.0-20]]
 
| 2013?
 
| 2013?
 +
|
 
| [[User:Yellows8|Yellows8]]
 
| [[User:Yellows8|Yellows8]]
 
|}
 
|}