Changes

418 bytes added ,  04:35, 15 March 2015
→‎Non-system applications: Besides the other changes, moved CN-vuln entry since that's newer.
Line 9: Line 9:  
!  Fixed in version
 
!  Fixed in version
 
!  Last version this flaw was checked for
 
!  Last version this flaw was checked for
!  Timeframe this was discovered
+
!  Timeframe info related to this was added to wiki
Discovered by
+
!  Timeframe this vuln was discovered
 +
Vuln discovered by
 +
|-
 +
| Cubic Ninja
 +
| Map-data stack smash
 +
| See [[Ninjhax|here]] regarding Ninjhax.
 +
| None
 +
|
 +
| Ninjhax release
 +
| July 2014
 +
| [[User:smea|smea]]
 
|-
 
|-
 
| The Legend of Zelda: Ocarina of Time 3D
 
| The Legend of Zelda: Ocarina of Time 3D
Line 16: Line 26:  
| The u8 at offset 0x2C in the savefile is the character-length of the UTF-16 string at offset 0x1C. When copying this string, it's essentially a memory-copy with lenval*2, not a string-copy. This can be used to trigger buffer overflows at various locations depending on the string length.
 
| The u8 at offset 0x2C in the savefile is the character-length of the UTF-16 string at offset 0x1C. When copying this string, it's essentially a memory-copy with lenval*2, not a string-copy. This can be used to trigger buffer overflows at various locations depending on the string length.
 
Length value>=0xCD causes a crash while loading the saveslot, via a heap buffer overflow. When value is >=0x6E it crashes when saving the saveslot, this causes a stack-smash however it normally crashes before it returns from the function which had the stack-frame overwritten. With value >=0x9A, it crashes via stack-smash in-game once any dialogs are opened(touching buttons on the touch-screen to enter certain menu(s) can trigger it too).
 
Length value>=0xCD causes a crash while loading the saveslot, via a heap buffer overflow. When value is >=0x6E it crashes when saving the saveslot, this causes a stack-smash however it normally crashes before it returns from the function which had the stack-frame overwritten. With value >=0x9A, it crashes via stack-smash in-game once any dialogs are opened(touching buttons on the touch-screen to enter certain menu(s) can trigger it too).
 +
 +
On March 11, 2015, an exploit using this vuln was released, that one was intended for warez/etc. The following exploit wasn't released before then mainly because doing so would (presumably) result in the vuln being fixed. The following old exploit was released on March 14, 2015: [https://github.com/yellows8/oot3dhax].
 
| None
 
| None
 
|  
 
|  
 +
| March 11, 2015
 
| Around October 22, 2012
 
| Around October 22, 2012
 
| [[User:Yellows8|Yellows8]]
 
| [[User:Yellows8|Yellows8]]
|-
  −
| Cubic Ninja
  −
| Map-data stack smash
  −
| See [[Ninjhax|here]] regarding Ninjhax.
  −
| None
  −
|
  −
| July 2014
  −
| [[User:smea|smea]]
   
|}
 
|}