Changes

652 bytes added, 04:35, 24 February 2016
Line 611: Line 611:  
!  Timeframe this was added to wiki
 
!  Timeframe this was added to wiki
 
!  Discovered by
 
!  Discovered by
 +
|-
 +
| [[IR_Services|IR]]: Stack buffer overflow with custom hardware
 +
| Originally IR sysmodule used the read value from the I2C-IR registers TXLVL and RXLVL without validating them at all. See [[10.6.0-31|here]] for the fix. This is the size used for reading the data-recv FIFO, etc. The output buffer for reading is located on the stack.
 +
 +
This should be exploitable if one could successfully setup the custom hardware for this and if the entire intended sizes actually get read from I2C.
 +
| ROP under IR sysmodule.
 +
| [[10.6.0-31|10.6.0-31]]
 +
|
 +
| February 23, 2016 (Unknown if it was noticed before then)
 +
| February 23, 2016
 +
| [[User:Yellows8|Yellows8]]
 
|-
 
|-
 
| [[NIM_Services|NIM]]: Downloading old title-versions from eShop
 
| [[NIM_Services|NIM]]: Downloading old title-versions from eShop
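Review bot: the added description cell says the TXLVL and RXLVL values were used "without validating them at all" but never gives the size of the stack output buffer or the bound the fix applies, so a reader cannot tell which register values exceed the buffer; add both if they are known. The sentence "This is the size used for reading the data-recv FIFO, etc." follows the link to the fix, so "This" reads as referring to the fix rather than to the register values; move it directly after the first sentence or name the subject explicitly. The link text "here" would be clearer as the version number, matching the [[10.6.0-31|10.6.0-31]] cell further down, and "setup" in the exploitability sentence should be "set up". The bare "|" cell after the version cell is left empty; fill it or state that the value is unknown, as the discovery-date cell does with its parenthetical.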