Vulnerabilities

From LRREW
Revision as of 00:20, 19 October 2023 by Stan (talk | contribs) (set CVE-2011-3026 severity to low (this is an integer overflow, but requires the client to take in over 4mb of PNG))
Jump to navigation Jump to search

ROBLOX has had it's fare share of vulnerabilities that can be used malicious, this is a place where most (if not, all) are documented

Documentation

Vulnerability Information Affected Years Patch Severity
Loadstring can run bytecode 2006-2012 Disallow the execution of bytecode in the loadstring function CRITICAL
:Chat has no check on length, can be used to crash RCCService Patched in 2020 No patch. CRITICAL
__gc can be used to execute the sandbox 2006-2009 Remove the __gc metamethod. HIGH
Shirts with bad cHRM (or any) chunk data can be used maliciously to crash others 2014 Re-encode images heavily. HIGH
Scripts can access ClientReplicators and get the MachineAddress property, allowing them to IP log users that join their game. Patched on November 17th, 2016 Set the context level of MachineAddress to RobloxScriptSecurity. HIGH
CVE-2011-3026 can stop a user's avatar from loading. Needs more info. Allow file uploads of 1mb for png's at most. LOW
Retrieved from "https://lrre.wiki/?title=Vulnerabilities&oldid=1723"