Line 9: |
Line 9: |
| ! Fixed in version | | ! Fixed in version |
| ! Last version this flaw was checked for | | ! Last version this flaw was checked for |
− | ! Timeframe this was discovered | + | ! Timeframe info related to this was added to wiki |
− | ! Discovered by | + | ! Timeframe this vuln was discovered |
| + | ! Vuln discovered by |
| + | |- |
| + | | Cubic Ninja |
| + | | Map-data stack smash |
| + | | See [[Ninjhax|here]] regarding Ninjhax. |
| + | | None |
| + | | |
| + | | Ninjhax release |
| + | | July 2014 |
| + | | [[User:smea|smea]] |
| |- | | |- |
| | The Legend of Zelda: Ocarina of Time 3D | | | The Legend of Zelda: Ocarina of Time 3D |
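Review bot: the new "Timeframe info related to this was added to wiki" cell for the moved Cubic Ninja row (`| + | | Ninjhax release |`) holds an event name rather than a date, while the other timeframe cells in this table ("July 2014", "March 11, 2015", "Around October 22, 2012") carry a month or a day; consider recording the date the Ninjhax information was added to the wiki so the column is consistent and comparable across rows. Apart from that one cell, the Cubic Ninja row is only reordered to the top of the table, which the diff shows as a full delete-and-add; a note in the edit summary that the row content is unchanged would make that easier to review.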
Line 16: |
Line 26: |
| | The u8 at offset 0x2C in the savefile is the character-length of the UTF-16 string at offset 0x1C. When copying this string, it's essentially a memory-copy with lenval*2, not a string-copy. This can be used to trigger buffer overflows at various locations depending on the string length. | | | The u8 at offset 0x2C in the savefile is the character-length of the UTF-16 string at offset 0x1C. When copying this string, it's essentially a memory-copy with lenval*2, not a string-copy. This can be used to trigger buffer overflows at various locations depending on the string length. |
| Length value>=0xCD causes a crash while loading the saveslot, via a heap buffer overflow. When value is >=0x6E it crashes when saving the saveslot, this causes a stack-smash however it normally crashes before it returns from the function which had the stack-frame overwritten. With value >=0x9A, it crashes via stack-smash in-game once any dialogs are opened(touching buttons on the touch-screen to enter certain menu(s) can trigger it too). | | Length value>=0xCD causes a crash while loading the saveslot, via a heap buffer overflow. When value is >=0x6E it crashes when saving the saveslot, this causes a stack-smash however it normally crashes before it returns from the function which had the stack-frame overwritten. With value >=0x9A, it crashes via stack-smash in-game once any dialogs are opened(touching buttons on the touch-screen to enter certain menu(s) can trigger it too). |
| + | |
| + | On March 11, 2015, an exploit using this vuln was released, that one was intended for warez/etc. The following exploit wasn't released before then mainly because doing so would (presumably) result in the vuln being fixed. The following old exploit was released on March 14, 2015: [https://github.com/yellows8/oot3dhax]. |
| | None | | | None |
| | | | | |
| + | | March 11, 2015 |
| | Around October 22, 2012 | | | Around October 22, 2012 |
| | [[User:Yellows8|Yellows8]] | | | [[User:Yellows8|Yellows8]] |
− | |-
| |
− | | Cubic Ninja
| |
− | | Map-data stack smash
| |
− | | See [[Ninjhax|here]] regarding Ninjhax.
| |
− | | None
| |
− | |
| |
− | | July 2014
| |
− | | [[User:smea|smea]]
| |
| |} | | |} |
| | | |
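Review bot: the date in the new "Timeframe info related to this was added to wiki" cell (`| + | | March 11, 2015 |`) is the date the added paragraph gives for the third-party release, not the March 14, 2015 release of the linked oot3dhax repository and not necessarily the date this row's text was written to the wiki; state which event the cell records (or use the wiki edit date) so the column header and its value agree. The added paragraph would also read more clearly if "The following exploit wasn't released before then" and "The following old exploit was released on March 14, 2015" were merged into one sentence, since both refer to the same linked release.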