Changes

Jump to navigation Jump to search

Wii U system flaws (view source)

Revision as of 08:30, 7 June 2022

85 bytes added ,  08:30, 7 June 2022
m
no edit summary
Line 140: Line 140:  
| [[User:GaryOderNichts|GaryOderNichts]], [[User:Yellows8|yellows8]] (independently: January 2021)
 
| [[User:GaryOderNichts|GaryOderNichts]], [[User:Yellows8|yellows8]] (independently: January 2021)
 
|-
 
|-
| Out of bounds byteswap during USB configuration parsing
+
| Double fetch during USB configuration parsing causing out of bounds byteswap
| The Wii U doesn't verify the total length of the USB configuration descriptor. This allows placing endpoint descriptors outside of the allocated buffer which will be swapped.
+
| The Wii U doesn't verify that the total length of the USB configuration descriptor matches the total length used to determine the buffer size. This allows placing endpoint descriptors outside of the allocated buffer which will be swapped.
 
| Out of bounds byteswap in IOS-USB heap. Can lead to ROP, see [https://garyodernichts.blogspot.com/2022/06/exploiting-wii-us-usb-descriptor-parsing.html this post].
 
| Out of bounds byteswap in IOS-USB heap. Can lead to ROP, see [https://garyodernichts.blogspot.com/2022/06/exploiting-wii-us-usb-descriptor-parsing.html this post].
 
| None
 
| None
Retrieved from "https://wiiubrew.org/wiki/Special:MobileDiff/3440"

Navigation menu