Changes

1,070 bytes added ,  05:17, 17 January 2015
no edit summary
Line 286: Line 286:  
| 2012
 
| 2012
 
| [[User:Ichfly|Ichfly]]
 
| [[User:Ichfly|Ichfly]]
 +
|}
 +
 +
=== General/CTRSDK ===
 +
{| class="wikitable" border="1"
 +
|-
 +
!  Summary
 +
!  Description
 +
!  Successful exploitation result
 +
!  Fixed in version
 +
!  Last version this flaw was checked for
 +
!  Timeframe this was discovered
 +
!  Discovered by
 +
|-
 +
| [[NWM_Services|UDS]] beacon additional-data buffer overflow
 +
| Originally CTRSDK did not validate the UDS additional-data size before using that size to copy the additional-data to a [[NWM_Services|networkstruct]]. This was eventually fixed.
 +
This was discovered while doing code RE with an old dlp-module version. It's unknown in what specific CTRSDK version this was fixed, or even what system-version updated titles with a fixed version.
 +
 +
It's unknown if there's any titles using a vulnerable CTRSDK version which are also exploitable with this(dlp module can't be exploited with this).
 +
 +
The maximum number of bytes that can be written beyond the end of the outbuf is 0x37-bytes, with additionaldata_size=0xFF.
 +
| Perhaps ROP, very difficult if possible with anything at all
 +
| ?
 +
|
 +
| September(?) 2014
 +
| [[User:Yellows8|Yellows8]]
 
|}
 
|}