Line 76:
Line 76:
| The SmileBASIC "BGSCREEN" command's second parameter is not properly validated as being within range. As a result, one can set the screen size to an absurdly large value. This means that the "BGGET" and "BGPUT" commands can then be used on out-of-range values to read and write a significant chunk of the interpreter's address space.
| The SmileBASIC "BGSCREEN" command's second parameter is not properly validated as being within range. As a result, one can set the screen size to an absurdly large value. This means that the "BGGET" and "BGPUT" commands can then be used on out-of-range values to read and write a significant chunk of the interpreter's address space.
With a series of carefully-designed BGPUT commands, one can build a ROP chain and cause it to be executed.
With a series of carefully-designed BGPUT commands, one can build a ROP chain and cause it to be executed.
−
| None
+
| App: 3.3.2.
−
| App: 3.31.
+
| System: [[11.0.0-33]].
−
System: [[11.0.0-33]].
| July 20, 2016
| July 20, 2016
| Around June 26, 2016
| Around June 26, 2016
| slackerSnail, 12Me12, incvoid
| slackerSnail, 12Me12, incvoid
−
Weaponized by MrNbaYoh and [[User:Plutooo|plutoo]].
+
Exploited by MrNbaYoh and [[User:Plutooo|plutoo]].
|}
|}
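Review bot: In the version cells in the middle of this hunk, `| App: 3.31.` is removed outright and `System: [[11.0.0-33]].` gains a leading `|`, so the cell that used to hold an app version together with a system version now holds only the system version. If `| App: 3.3.2.` replaces `| None` as the fixed-in version, the previously listed app version should stay in the following cell next to the system version rather than being dropped. The two app versions are also written in different formats (`3.31` versus `3.3.2`), so it is worth confirming which form is intended before the old value disappears from the row. The "Weaponized by" to "Exploited by" rewording at the end of the hunk needs no change.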