[Security] Sandbox escape in Mupen64Plus core #3929
Labels
Core: Mupen64Plus
Nintendo 64 (N64) core
re: Security
Repro: Affects 1.13.x
Repro: Affects 2.9.1
Repro: Fixed/added in 2.9.2 dev
In summary:
There is a possibility that a malicious N64 rom (.n64, .v64, .z64), when loaded in the Mupen64Plus core, could exploit the core and write into host memory where the executable is stored, thereby executing arbitrary code on the host system. The Mupen core shipped with 2.9.1 and every prior release would be vulnerable. The Ares64 core would not be vulnerable (so Linux users are safe, unless you've ignored our warnings and used WINE/Proton).
CPP has identified and fixed all the instances of the offending buffer overflow bugs that he could find, so you should grab a dev build if you want to play homebrew or patched roms or use any Internet content with the Mupen core. The first build with the fix is this one.
I still have very little information on this, but here's what I've been able to piece together:
#general
and no-one tells Yoshi anything >:(