3dbrew

Changes

3DS Userland Flaws (edit)

Revision as of 18:36, 26 April 2017

641 bytes added ,  18:36, 26 April 2017
Swapdoodle
Line 133: Line 133:  
| June, 2016
 
| June, 2016
 
| [[User:Nba_Yoh|MrNbaYoh]]
 
| [[User:Nba_Yoh|MrNbaYoh]]
 +
|-
 +
| Swapdoodle
 +
| Heap buffer overflow via unchecked size
 +
| The letter file format used by doodlebomb is composed of multiple chunks. Each chunks is described in the header of the file where the name, size and CRC of each chunk are stored. Some chunks are meant to be headers, every header's size should be 0x80, however the length of the STAHED1 chunk remains unchecked and the game memcpy the chunk to a 0x80 byte buffer with the length provided in the file. This way one is able to overwrite some pointers and get control of the execution flow.
 +
| App: > v1.1.1
 +
| App: v1.1.1
 +
| April 24, 2017
 +
| February, 2017
 +
| [[User:Nba_Yoh|MrNbaYoh]]
 +
 
|}
 
|}
  
Nba Yoh
28

edits

Retrieved from "https://www.3dbrew.org/wiki/Special:MobileDiff/19907"