Changes

Jump to navigation Jump to search
609 bytes added ,  15:31, 27 September 2021
Line 547: Line 547:  
!  Public disclosure timeframe
 
!  Public disclosure timeframe
 
!  Discovered by
 
!  Discovered by
 +
|-
 +
| Infoleak with [[HID_services|hid:sys]] SetButtonConfigStorage{name}Deprecated
 +
| These cmds pass a stack ptr for the StorageName when calling the internal func. Nothing is written to this StorageName. Hence, stack infoleak (data is copied as a NUL-terminated string), which can be later read by the GetButtonConfigStorage{name} cmds.
 +
 +
This was fixed by removing the Deprecated cmds in [[13.0.0]].
 +
| Infoleak of hid stack from a StorageName readable via GetButtonConfigStorage{name}, up to the NUL-terminator.
 +
| [[13.0.0]]
 +
| [[13.0.0]]
 +
| December 11, 2020
 +
| September 27, 2021
 +
| [[User:Yellows8|yellows8]]
 
|-
 
|-
 
| [[Bluetooth_Driver_services|bluetooth]] WriteHidData/WriteHidData2/SetHidReport unchecked memcpy size
 
| [[Bluetooth_Driver_services|bluetooth]] WriteHidData/WriteHidData2/SetHidReport unchecked memcpy size

Navigation menu