3dbrew

Changes

3DS System Flaws (edit)

Revision as of 15:41, 29 June 2017

596 bytes added ,  15:41, 29 June 2017
SM unexploitable OOB write
Line 806: Line 806:  
| May 19(?)-20, 2015
 
| May 19(?)-20, 2015
 
| [[User:Yellows8|Yellows8]]
 
| [[User:Yellows8|Yellows8]]
 +
|-
 +
| [[SM]] out-of-bounds BSS write (table 1 entry too small)
 +
| After accepting a new session, [[SM]] writes a (handler ID (0 for srv: sessions (max. 64), 1 for the srv:pm one), pointer to session context structure in BSS) pair in a global array. However that array is only 64-entry-big instead of 65 (as it ought to be), and no bound check is done in that regard.
 +
 +
Unfortunately, as of [[11.4.0-37]], the overwritten fields are totally unused after their initialization by <code>__libc_init_array</code>.
 +
| Not currently exploitable
 +
| None
 +
| [[11.4.0-37]]
 +
| June 29, 2017
 +
| [[User:TuxSH|TuxSH]]
 
|}
 
|}
  
Retrieved from "https://www.3dbrew.org/wiki/Special:MobileDiff/20119"