Nintendo Switch Brew

Switch System Flaws: Difference between revisions

← Older editNewer edit →
Line 593: Line 593:


This can be triggered via an AVRC message with opcode=0x0 (vendor). The above type 0xC is reached via AVRC ctype 0..4, while 0xD is reached with ctype>=0x9.
This can be triggered via an AVRC message with opcode=0x0 (vendor). The above type 0xC is reached via AVRC ctype 0..4, while 0xD is reached with ctype>=0x9.
With [15.0.0+] the size value for the memcpy (which is also written to the request struct) is clamped to a max value.
| Bluetooth-sysmodule stack buffer overflow on [14.0.0-14.1.2], with data received from an AVRC bluetooth message with a bluetooth-audio device.
| Bluetooth-sysmodule stack buffer overflow on [14.0.0-14.1.2], with data received from an AVRC bluetooth message with a bluetooth-audio device.
| [[15.0.0]]
| [[15.0.0]]
Retrieved from "https://switchbrew.org/wiki/Switch_System_Flaws"