Switch System Flaws: Difference between revisions
No edit summary |
|||
| Line 585: | Line 585: | ||
! Public disclosure timeframe | ! Public disclosure timeframe | ||
! Discovered by | ! Discovered by | ||
|- | |||
| [[WLAN_services|wlan]] SetMulticastList heap buffer overflow | |||
| The [[WLAN_services#SetMulticastList|SetMulticastList]] command allocates a 0x31-bytes sized buffer and copies to it as much [[WLAN_services#MacAddress|MacAddress]] values from the input [[WLAN_services#MulticastList|MulticastList]] as specified by the "Count" field, but this field is never validated. | |||
With [15.0.0+] error code 0x1906B is now returned if "Count" is larger than 8. | |||
| wlan-sysmodule heap buffer overflow. | |||
| [[15.0.0]] | |||
| [[15.0.0]] | |||
| June 6, 2022 | |||
| November 9, 2022 | |||
| [[User:Hexkyz|hexkyz]] | |||
|- | |- | ||
| [[Bluetooth_Driver_services|bluetooth]] BSA bsa_sv_av_cback stack buffer overflow | | [[Bluetooth_Driver_services|bluetooth]] BSA bsa_sv_av_cback stack buffer overflow | ||