Vulnerabilities: Difference between revisions
Edit summaries: (set CVE-2011-3026 severity to low (this is an integer overflow, but requires the client to take in over 4 MB of PNG)); (add new vuln)
Revision as of 01:00, 20 October 2023
ROBLOX has had its fair share of vulnerabilities that can be used maliciously; this is a place where most (if not all) of them are documented.
Documentation
| Vulnerability Information | Affected Years | Patch | Severity |
|---|---|---|---|
| Loadstring can run bytecode | 2006-2012 | Disallow the execution of bytecode in the loadstring function. | CRITICAL |
| :Chat has no check on length, can be used to crash RCCService | Patched in 2020 | No patch. | CRITICAL |
| __gc can be used to execute the sandbox | 2006-2009 | Remove the __gc metamethod. | HIGH |
| Instance::setParentInternal can parent tools to StarterPack, StarterCharacterScripts, and StarterGear regardless of FilteringEnabled | Patched in 2023 | No patch yet. This only works when RakNet (or ROBLOX) calls this function internally; a PoC can be seen here. | HIGH |
| Shirts with bad cHRM (or any) chunk data can be used maliciously to crash others | 2014 | Re-encode images heavily. | HIGH |
| Scripts can access ClientReplicators and read the MachineAddress property, allowing them to IP log users that join their game. | Patched on November 17th, 2016 | Set the context level of MachineAddress to RobloxScriptSecurity. | HIGH |
| CVE-2011-3026 can stop a user's avatar from loading. | Needs more info. | Allow PNG file uploads of at most 1 MB. | LOW |