Changes

Line 1,037: Line 1,037:  
|-
 
|-
 
| [[Migration_services|migration]] nn::migration::savedata::IServer cmd1 buffer overflow
 
| [[Migration_services|migration]] nn::migration::savedata::IServer cmd1 buffer overflow
| nn::migration::savedata::IServer cmd1 originally copied data from an array to the output ptr. As the output is an u64 field for the IPC cmd output, this is a field on stack. Hence, if more than 1 entry (8-bytes) are copied a stack buffer overflow will occur. Note that cmd3 loads the same data, except this has a proper output array.
+
| nn::migration::savedata::IServer cmd1 with [18.0.0-18.0.1] copies data from an array to the output ptr. As the output is an u64 field for the IPC cmd output, this is a field on stack. Hence, if more than 1 entry (8-bytes) are copied a stack buffer overflow will occur. Note that cmd3 loads the same data, except this has a proper output array.
 
It's unknown whether there's a way to actually control this data with a large enough enough size.
 
It's unknown whether there's a way to actually control this data with a large enough enough size.
    
See [[18.1.0]] for the diff/fix.
 
See [[18.1.0]] for the diff/fix.
| [[Migration_services|migration]] stack buffer overflow.
+
| [[Migration_services|migration]] stack buffer overflow, only on [18.0.0-18.0.1].
 
| [[18.1.0]]
 
| [[18.1.0]]
 
| [[18.1.0]]
 
| [[18.1.0]]