Changes

945 bytes added, 20:44, 10 April 2016
Line 611: Line 611:  
!  Timeframe this was added to wiki
 
!  Timeframe this was added to wiki
 
!  Discovered by
 
!  Discovered by
 +
|-
 +
| [[DLP_Services|DLP]]: Out-of-bounds memory access during spectator [[Download_Play|data-frame]] checksum calculation
 +
| DLP doesn't validate the frame_size when receiving spectator data-frames at all, unlike non-spectator data-frames. The actual spectator data-frame parsing code doesn't use that field either. However, the data-frame checksum calculation code called during checksum verification does use the frame_size for loading the size of the framebuf.
 +
 +
Hence, using a large frame_size like 0xFFFF will result in the checksum calculation code reading data out-of-bounds. This isn't really useful, you could trigger a remote local-WLAN DLP-sysmodule crash while a 3DS system is scanning for DLP networks(due to accessing unmapped memory), but that's about all(trying to infoleak with this likely isn't useful either).
 +
|
 +
| None
 +
| [[10.0.0-27|10.0.0-X]]
 +
| April 8, 2016 (Tested on the 10th)
 +
| April 10, 2016
 +
| [[User:Yellows8|Yellows8]]
 
|-
 
|-
 
| [[IR_Services|IR]]: Stack buffer overflow with custom hardware
 
| [[IR_Services|IR]]: Stack buffer overflow with custom hardware
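Review bot: The added row leaves its third cell as a bare `|` (between the description and `| None`), so a reader cannot tell whether that column was skipped or has nothing to report; if nothing applies, write `None` there as the following cell does. In the description, the impact sentence would be clearer if it named the outcome directly (a DLP-sysmodule crash over local WLAN while the 3DS is scanning for DLP networks, caused by the out-of-bounds read touching unmapped memory) rather than opening with "This isn't really useful", and `networks(due` and `all(trying` each need a space before the parenthesis.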