Vulnerabilities: Difference between revisions

From LRREW
No edit summary
(add new vulnerability to inform people about new 2016 risk)
 
(4 intermediate revisions by 2 users not shown)
Line 4: Line 4:
{| class="wikitable" style=""
{| class="wikitable" style=""
|-
|-
! Vulnerability Information !! Affected Years !! Patch !! Severity
! Vulnerability Information !! Affected Applications !! Affected Dates !! Patch !! Severity
|-
|-
| Loadstring can run bytecode || Patched on August 3rd, 2012 || Disallow the execution of bytecode in the loadstring function || CRITICAL
| Loadstring can run bytecode || Client & Studio. || Patched on August 3rd, 2012 || Disallow the execution of bytecode in the loadstring function || CRITICAL
|-
|-
| :Chat has no check on length, can be used to crash RCCService || Patched in 2020 || No patch. || CRITICAL
| :Chat has no check on length, can be used to crash RCCService || RCCService. || Patched in 2020 || No patch. || CRITICAL
|-
|-
| __gc can be used to execute the sandbox || 2006-2009 || Remove the __gc metamethod. || HIGH
| Lots of UI's can cause de-spawning of CoreGUI || Studio & Client. || Patched in 2021 || No patch, [https://pastebin.com/raw/AF1yBaDc POC]. || CRITICAL
|-
|-
| __gc can be used to execute the sandbox || Needs more info. || 2006-2009 || Remove the __gc metamethod. || HIGH
|-
|-
| Instance::setParentInternal can parent tools to StarterPack, StarterCharacterScripts, and StarterGear regardless of FilteringEnabled  || Patched in 2023 || No patch yet, This only works when RakNet (or ROBLOX) calls this function internally, POC can be seen [https://pastebin.com/raw/djYwc0fN here] || HIGH
|-
|-
| Shirts with bad cHRM (or any) chunk data can be used maliciously to crash others || 2014 || Re-encode images heavily. || HIGH
| Instance::setParentInternal can parent tools to StarterPack, StarterCharacterScripts, and StarterGear regardless of FilteringEnabled || Needs more info. || Patched in 2023 || No patch yet, This only works when RakNet (or ROBLOX) calls this function internally, POC can be seen [https://pastebin.com/raw/djYwc0fN here] || HIGH
|-
|-
| Scripts can access ClientReplicators and get the MachineAddress property, allowing them to IP log users that join their game. || Patched on November 17th, 2016 || Set the context level of MachineAddress to RobloxScriptSecurity. || HIGH
| Shirts with bad cHRM (or any) chunk data can be used maliciously to crash others || Client & Studio(?). || 2014 || Re-encode images heavily. || HIGH
|-
|-
| CVE-2011-3026 can stop a user's avatar from loading. || Needs more info. || Allow file uploads of 1mb for png's at most. || LOW
| Scripts can access ClientReplicators and get the MachineAddress property, allowing them to IP log users that join their game. || Client. || Patched on November 17th, 2016 || Set the context level of MachineAddress to RobloxScriptSecurity. || HIGH
|-
| Crypt::verifySignatureBase64 has a buffer overflow if signature length exceeds 1024 bytes -- can be used to crash servers that process tickets or initiate a buffer overflow exploit (although no PoC has been created yet) || Needs more info. || 2009-2018 || Check for signature size before processing || MEDIUM
|-
| [https://nvd.nist.gov/vuln/detail/CVE-2011-3026 CVE-2011-3026] can stop a user's avatar from loading. || Website, (?) || Needs more info. || Allow file uploads of 1mb for png's at most. || LOW


|}
|}
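Review bot: the new "Affected Dates" column mixes two different things, patch dates ("Patched on August 3rd, 2012", "Patched in 2020") and exposure windows ("2006-2009", "2014"), and the CVE-2011-3026 row leaves it at "Needs more info." even though the row now links to the NVD entry; consider splitting it into an "Affected" range and a "Patched" date so the exposure window of each entry is unambiguous. Likewise the "Patch" column holds patch status in some rows ("No patch.") and mitigation advice in others ("Remove the __gc metamethod."), and three of the new "Affected Applications" cells are placeholders ("Needs more info."); a short note on what each column is meant to record would keep future rows consistent.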

Latest revision as of 02:20, 14 November 2023

ROBLOX has had its fair share of vulnerabilities that can be used maliciously; this is a place where most (if not all) of them are documented.

Documentation

{| class="wikitable"
|-
! Vulnerability Information !! Affected Applications !! Affected Dates !! Patch !! Severity
|-
| Loadstring can run bytecode || Client & Studio || Patched on August 3rd, 2012 || Disallow the execution of bytecode in the loadstring function. || CRITICAL
|-
| :Chat has no check on length; can be used to crash RCCService || RCCService || Patched in 2020 || No patch. || CRITICAL
|-
| Lots of UIs can cause de-spawning of CoreGUI || Studio & Client || Patched in 2021 || No patch, [https://pastebin.com/raw/AF1yBaDc POC]. || CRITICAL
|-
| __gc can be used to execute the sandbox || Needs more info. || 2006-2009 || Remove the __gc metamethod. || HIGH
|-
| Instance::setParentInternal can parent tools to StarterPack, StarterCharacterScripts, and StarterGear regardless of FilteringEnabled || Needs more info. || Patched in 2023 || No patch yet; this only works when RakNet (or ROBLOX) calls this function internally. A POC can be seen [https://pastebin.com/raw/djYwc0fN here]. || HIGH
|-
| Shirts with bad cHRM (or any) chunk data can be used maliciously to crash others || Client & Studio (?) || 2014 || Re-encode images heavily. || HIGH
|-
| Scripts can access ClientReplicators and read the MachineAddress property, allowing them to IP-log users who join their game || Client || Patched on November 17th, 2016 || Set the context level of MachineAddress to RobloxScriptSecurity. || HIGH
|-
| Crypt::verifySignatureBase64 has a buffer overflow if the signature length exceeds 1024 bytes; can be used to crash servers that process tickets or to initiate a buffer overflow exploit (although no PoC has been created yet) || Needs more info. || 2009-2018 || Check the signature size before processing. || MEDIUM
|-
| [https://nvd.nist.gov/vuln/detail/CVE-2011-3026 CVE-2011-3026] can stop a user's avatar from loading || Website (?) || Needs more info. || Allow PNG uploads of at most 1 MB. || LOW
|}