CVE-2023-33863 — Vulnetix

CVE-2023-33863 PUBLISHED

SerialiseValue in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. 0xffffffff is sign-extended to 0xffffffffffffffff (SIZE_MAX) and then there is an attempt to add 1.

EPSS 0.33% · 56.4th percentile

Risk Scores

EPSS Score

0.33%

56.4th percentile

Affected Products

Vendor	Product	Versions
renderdoc	renderdoc	0
n/a	n/a	*

Exploit Intelligence

http://packetstormsecurity.com/files/172804/RenderDoc-1.26-Local-Privilege-Escalation-Remote-Code-Execution.html (nist-nvd)
http://seclists.org/fulldisclosure/2023/Jun/2 (nist-nvd)
https://www.qualys.com/2023/06/06/renderdoc/renderdoc.txt (nist-nvd)
https://lists.debian.org/debian-lts-announce/2024/12/msg00008.html (circl)
https://renderdoc.org/ (circl)
[debian-lts-announce] 20230725 [SECURITY] [DLA 3501-1] renderdoc security update (circl)
GLSA-202311-10 (circl)
RenderDoc 1.26 Local Privilege Escalation / Remote Code Execution Vulnerabilities (0day-today)
RenderDoc 1.26 Local Privilege Escalation / Remote Code Execution Vulnerabilities (0day-today)

Timeline

Jun 7, 2023 CVE Published
Jun 8, 2023 PoC Published
Jun 8, 2023 EPSS Score
Jul 14, 2023 EPSS Score
Aug 19, 2023 EPSS Score
Oct 29, 2023 EPSS Score
Dec 4, 2023 EPSS Score
Jan 9, 2024 EPSS Score
Feb 13, 2024 EPSS Score
Mar 20, 2024 EPSS Score
May 31, 2024 EPSS Score
Jul 5, 2024 EPSS Score

References

Open in Interactive Console →