3dbrew

Changes

3DS Userland Flaws (edit)

Revision as of 12:54, 18 September 2018

3 bytes removed ,  12:54, 18 September 2018
→‎Non-system applications
Line 190: Line 190:  
| Unholy Heights
 
| Unholy Heights
 
| Buffer overflow via unchecked string size
 
| Buffer overflow via unchecked string size
| The game stores some utf-16 messages in the savefile. Right before the message is the length(u32) for the string, the game uses this size to memcpy the message from the savefile to the stack without checking the length. This allows one to overwrite to some function addresses on the stack and form a rop chain.
+
| The game stores some utf-16 messages in the savefile. Right before the message is the length(u32) for the string, the game uses this size to memcpy the message from the savefile to the stack without checking the length. This allows one to overwrite some function addresses on the stack and form a rop chain.
 
| None
 
| None
 
| App: Initial Version
 
| App: Initial Version
Unknown
115

edits

Retrieved from "https://www.3dbrew.org/wiki/Special:MobileDiff/20829"