Vulnerabilities: Difference between revisions

Revision as of 01:00, 20 October 2023

ROBLOX has had it's fare share of vulnerabilities that can be used malicious, this is a place where most (if not, all) are documented

Vulnerability Information	Affected Years	Patch	Severity
Loadstring can run bytecode	2006-2012	Disallow the execution of bytecode in the loadstring function	CRITICAL
:Chat has no check on length, can be used to crash RCCService	Patched in 2020	No patch.	CRITICAL
__gc can be used to execute the sandbox	2006-2009	Remove the __gc metamethod.	HIGH
Instance::setParentInternal can parent tools to StarterPack, StarterCharacterScripts, and StarterGear regardless of FilteringEnabled	Patched in 2023	No patch yet, This only works when RakNet (or ROBLOX) calls this function internally, POC can be seen here	HIGH
Shirts with bad cHRM (or any) chunk data can be used maliciously to crash others	2014	Re-encode images heavily.	HIGH
Scripts can access ClientReplicators and get the MachineAddress property, allowing them to IP log users that join their game.	Patched on November 17th, 2016	Set the context level of MachineAddress to RobloxScriptSecurity.	HIGH
CVE-2011-3026 can stop a user's avatar from loading.	Needs more info.	Allow file uploads of 1mb for png's at most.	LOW

@@ Line 11: / Line 11: @@
 |-
 | __gc can be used to execute the sandbox || 2006-2009 || Remove the __gc metamethod. || HIGH
+|-
+|-
+| Instance::setParentInternal can parent tools to StarterPack, StarterCharacterScripts, and StarterGear regardless of FilteringEnabled  || Patched in 2023 || No patch yet, This only works when RakNet (or ROBLOX) calls this function internally, POC can be seen [https://pastebin.com/raw/djYwc0fN here] || HIGH
 |-
 | Shirts with bad cHRM (or any) chunk data can be used maliciously to crash others || 2014 || Re-encode images heavily. || HIGH