Changes

418 bytes added, 05:35, 15 March 2015
→‎Non-system applications: Besides the other changes, moved CN-vuln entry since that's newer.
Line 9: Line 9:  
!  Fixed in version
 
!  Fixed in version
 
!  Last version this flaw was checked for
 
!  Last version this flaw was checked for
!  Timeframe this was discovered
+
!  Timeframe info related to this was added to wiki
Discovered by
+
!  Timeframe this vuln was discovered
 +
Vuln discovered by
 +
|-
 +
| Cubic Ninja
 +
| Map-data stack smash
 +
| See [[Ninjhax|here]] regarding Ninjhax.
 +
| None
 +
|
 +
| Ninjhax release
 +
| July 2014
 +
| [[User:smea|smea]]
 
|-
 
|-
 
| The Legend of Zelda: Ocarina of Time 3D
 
| The Legend of Zelda: Ocarina of Time 3D
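Review bot: In the moved Cubic Ninja row, the cell that falls under the new "Timeframe info related to this was added to wiki" header is "Ninjhax release", which names an event rather than a timeframe, while the neighbouring discovery column gives "July 2014". Suggest putting a date in that cell (with the event in parentheses if it is worth keeping) so the column can be read and compared across rows. The header rename from "Timeframe this was discovered" to two separate columns also changes the column count, so every other row in the table needs the extra cell for the layout to stay aligned.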
Line 16: Line 26:  
| The u8 at offset 0x2C in the savefile is the character-length of the UTF-16 string at offset 0x1C. When copying this string, it's essentially a memory-copy with lenval*2, not a string-copy. This can be used to trigger buffer overflows at various locations depending on the string length.
 
| The u8 at offset 0x2C in the savefile is the character-length of the UTF-16 string at offset 0x1C. When copying this string, it's essentially a memory-copy with lenval*2, not a string-copy. This can be used to trigger buffer overflows at various locations depending on the string length.
 
Length value>=0xCD causes a crash while loading the saveslot, via a heap buffer overflow. When value is >=0x6E it crashes when saving the saveslot, this causes a stack-smash however it normally crashes before it returns from the function which had the stack-frame overwritten. With value >=0x9A, it crashes via stack-smash in-game once any dialogs are opened(touching buttons on the touch-screen to enter certain menu(s) can trigger it too).
 
Length value>=0xCD causes a crash while loading the saveslot, via a heap buffer overflow. When value is >=0x6E it crashes when saving the saveslot, this causes a stack-smash however it normally crashes before it returns from the function which had the stack-frame overwritten. With value >=0x9A, it crashes via stack-smash in-game once any dialogs are opened(touching buttons on the touch-screen to enter certain menu(s) can trigger it too).
 +
 +
On March 11, 2015, an exploit using this vuln was released, that one was intended for warez/etc. The following exploit wasn't released before then mainly because doing so would (presumably) result in the vuln being fixed. The following old exploit was released on March 14, 2015: [https://github.com/yellows8/oot3dhax].
 
| None
 
| None
 
|  
 
|  
 +
| March 11, 2015
 
| Around October 22, 2012
 
| Around October 22, 2012
 
| [[User:Yellows8|Yellows8]]
 
| [[User:Yellows8|Yellows8]]
|-
  −
| Cubic Ninja
  −
| Map-data stack smash
  −
| See [[Ninjhax|here]] regarding Ninjhax.
  −
| None
  −
|
  −
| July 2014
  −
| [[User:smea|smea]]
   
|}
 
|}
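Review bot: The paragraph added to the description cell refers to "The following exploit" one sentence before the link that identifies it, and "that one was intended for warez/etc." is attached by a comma splice with no reference for the March 11 release it describes. Suggest introducing the linked oot3dhax repository first, then stating why it was withheld, and giving the bare [https://github.com/yellows8/oot3dhax] link a label so it does not render as an unnamed numbered link. The new "March 11, 2015" cell matches the date of that other exploit's release rather than the date of a wiki edit, so the "added to wiki" header introduced in the earlier hunk may need rewording to cover public disclosure in general.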
  
