680 bytes added ,  02:12, 10 April 2021
Add isfshax
| None
| derrek, [[User:Plutoo|plutoo]], [[User:Naehrwert|naehrwert]], [[User:Yellows8|yellows8]], [[User:Shuffle2|shuffle2]] and [[User:Hexkyz|hexkyz]]
| isfshax (stack overflow while processing ISFS superblock directory entries)
| Upon startup, boot1 loads and processes the latest SLC ISFS superblock. Directory entries are parsed using a recursive function without any limitation on recursion depth. A carefully crafted superblock with a sufficient directory depth can be used to overwrite memory preceding the boot1 stack and eventually gain arbitrary code execution. For example, it is possible to redirect FLA's FS device structure pointer to the superblock area, allowing an attacker to point structure's functions to a controlled memory location.
| coldboot boot1 code execution
| None
| [[User:Rw-r-r_0644|rw-r-r-0644]]