Switch System Flaws: Difference between revisions
clarify |
|||
| Line 109: | Line 109: | ||
! Public disclosure timeframe | ! Public disclosure timeframe | ||
! Discovered by | ! Discovered by | ||
|- | |||
| Out-of-bounds array read for [[BCAT_Content_Container]] secret-data index | |||
| The [[BCAT_Content_Container]] secret-data index is not validated at all. This is handled before the RSA-signature(?) is ever used. Since the field is an u8, a total of 0x800-bytes relative to the array start can be accessed. | |||
This is not useful since the string loaded from this array is only involved with key-generation. | |||
| | |||
| Unknown | |||
| [[2.0.0]] | |||
| August 5, 2017 | |||
| August 6, 2017 | |||
| [[User:Yellows8|Yellows8]] | |||
|- | |- | ||
| OOB Read in NS system module (pl:utoohax, pl:utonium, maybe other names) | | OOB Read in NS system module (pl:utoohax, pl:utonium, maybe other names) | ||