Required CVE Record Information
Description
SerialiseValue in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. 0xffffffff is sign-extended to 0xffffffffffffffff (SIZE_MAX) and then there is an attempt to add 1.
References 6 Total
- https://renderdoc.org/
- https://www.qualys.com/2023/06/06/renderdoc/renderdoc.txt
- seclists.org: 20230607 LPE and RCE in RenderDoc: CVE-2023-33865, CVE-2023-33864, CVE-2023-33863 mailing-list
- http://packetstormsecurity.com/files/172804/RenderDoc-1.26-Local-Privilege-Escalation-Remote-Code-Execution.html
- lists.debian.org: [debian-lts-announce] 20230725 [SECURITY] [DLA 3501-1] renderdoc security update mailing-list
- security.gentoo.org: GLSA-202311-10 vendor-advisory