Changes

Jump to navigation Jump to search

3DS System Flaws (edit)

Revision as of 05:24, 15 March 2015

524 bytes added ,  05:24, 15 March 2015
→‎ARM11 system modules
Line 291: Line 291:  
!  Timeframe this was discovered
 
!  Timeframe this was discovered
 
!  Discovered by
 
!  Discovered by
 +
|-
 +
| [[News_Services|NEWSS]] service command notificationID validation failure
 +
| This module does not validate the input notificationID for <nowiki>"news:s"</nowiki> service commands. This is an out-of-bounds array index bug. For example, [[NEWSS:SetNotificationHeader]] could be used to exploit news module: this copies the input data(size is properly checked) to: out = newsdb_savedata+0x10 + (someu32array[notificationID]*0x70).
 +
| ROP under news module.
 +
| None
 +
| [[9.0.0-20]]
 +
| December 2014
 +
| [[User:Yellows8|Yellows8]]
 
|-
 
|-
 
| [[HID_Services|HID]] module shared-mem
 
| [[HID_Services|HID]] module shared-mem
Retrieved from "https://www.3dbrew.org/wiki/Special:MobileDiff/11921"

Navigation menu