Mupen64Plus Array Overflow Vulnerability in RDRAM Write Functions Allowing Arbitrary Command Execution

Vulnerability

An array overflow vulnerability has been identified in Mupen64Plus version 2.6.0, specifically within the write_rdram_regs and read_rdram_regs functions. This vulnerability allows for the overwriting of function pointers in the host machine's memory, potentially leading to a virtual machine escape and the execution of arbitrary commands on the host.
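
The bug class described above, shown as an added example that is not Mupen64Plus source code: a simplified model of an emulated register file whose index is derived from a guest-controlled address, with the bounds check that keeps reads and writes inside the array. The names toy_device, toy_reg_index, toy_write_reg and toy_read_reg, the register count, and the address mask are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define TOY_REG_COUNT 10u /* assumed size of the emulated register file */

/* Hypothetical device state. `canary` stands in for whatever host data
 * (for example a function pointer) sits next to the array in memory. */
struct toy_device {
    uint32_t regs[TOY_REG_COUNT];
    uint32_t canary;
};

/* Index derived from the guest-supplied address. The assumed mask admits
 * indices 0..255, far more than TOY_REG_COUNT, so the mask alone does not
 * bound the access. */
static size_t toy_reg_index(uint32_t address)
{
    return (address & 0x3ffu) >> 2;
}

/* Hardened write handler: rejects any index outside the array.
 * Without the range check, `dev->regs[reg] = ...` would let the guest
 * write past the end of regs[] into adjacent host memory.
 * Returns 0 on success, -1 when the access is refused. */
int toy_write_reg(struct toy_device *dev, uint32_t address,
                  uint32_t value, uint32_t mask)
{
    size_t reg = toy_reg_index(address);
    if (reg >= TOY_REG_COUNT)
        return -1;
    dev->regs[reg] = (dev->regs[reg] & ~mask) | (value & mask);
    return 0;
}

/* Hardened read handler: an out-of-range read yields 0 instead of
 * disclosing host memory beyond the array. */
int toy_read_reg(const struct toy_device *dev, uint32_t address,
                 uint32_t *value)
{
    size_t reg = toy_reg_index(address);
    if (reg >= TOY_REG_COUNT) {
        *value = 0;
        return -1;
    }
    *value = dev->regs[reg];
    return 0;
}
```

The check belongs in both handlers: the write path protects adjacent host data from modification, and the read path prevents the guest from reading it.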

Impact

Exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the host machine.

Reproduction

The vulnerability can be reproduced by loading a test ROM into the emulator and using a crafted assembly payload that exploits the array overflow in the RDRAM write functions. The payload should be designed to overwrite function pointers in the emulator's memory, which can then be used to execute arbitrary commands on the host machine.

Added: Aug 22, 2025, 6:05 PM
Updated: Aug 22, 2025, 6:05 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 7.7
remediation: 0.0
relevance: 0.4
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.