Vulnerabilities: Difference between revisions
Latest revision as of 02:20, 14 November 2023
ROBLOX has had its fair share of vulnerabilities that can be used maliciously; this is a place where most (if not all) are documented.
Documentation
| Vulnerability Information | Affected Applications | Affected Dates | Patch | Severity |
|---|---|---|---|---|
| Loadstring can run bytecode | Client & Studio | Patched on August 3rd, 2012 | Disallow the execution of bytecode in the loadstring function. | CRITICAL |
| :Chat has no check on length; can be used to crash RCCService | RCCService | Patched in 2020 | No patch. | CRITICAL |
| Lots of UIs can cause de-spawning of CoreGUI | Studio & Client | Patched in 2021 | No patch; a POC exists. | CRITICAL |
| __gc can be used to execute the sandbox | Needs more info. | 2006-2009 | Remove the __gc metamethod. | HIGH |
| Instance::setParentInternal can parent tools to StarterPack, StarterCharacterScripts, and StarterGear regardless of FilteringEnabled | Needs more info. | Patched in 2023 | No patch yet. This only works when RakNet (or ROBLOX) calls this function internally; a POC exists. | HIGH |
| Shirts with bad cHRM (or any) chunk data can be used maliciously to crash others | Client & Studio(?) | 2014 | Re-encode images heavily. | HIGH |
| Scripts can access ClientReplicators and read the MachineAddress property, allowing them to IP-log users who join their game. | Client | Patched on November 17th, 2016 | Set the context level of MachineAddress to RobloxScriptSecurity. | HIGH |
| Crypt::verifySignatureBase64 has a buffer overflow if the signature length exceeds 1024 bytes; it can be used to crash servers that process tickets or to initiate a buffer overflow exploit (although no PoC has been created yet) | Needs more info. | 2009-2018 | Check the signature size before processing. | MEDIUM |
| CVE-2011-3026 can stop a user's avatar from loading. | Website (?) | Needs more info. | Allow PNG uploads of at most 1 MB. | LOW |