Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.GENTOO_GLSA-202311-10.NASLHistoryNov 25, 2023 - 12:00 a.m.
GLSA-202311-10 : RenderDoc: Multiple Vulnerabilities
2023-11-2500:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
renderdoc
multiple vulnerabilities
integer overflow
buffer overflow
local privilege escalation
cve-2023-33863
cve-2023-33864
cve-2023-33865
symlink attack
nessus scanner
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.2 High
AI Score
Confidence
Low
0.011 Low
EPSS
Percentile
84.8%
The remote host is affected by the vulnerability described in GLSA-202311-10 (RenderDoc: Multiple Vulnerabilities)
-
SerialiseValue in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow.
0xffffffff is sign-extended to 0xffffffffffffffff (SIZE_MAX) and then there is an attempt to add 1.
(CVE-2023-33863) -
StreamReader::ReadFromExternal in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. It uses uint32_t(m_BufferSize-m_InputSize) even though m_InputSize can exceed m_BufferSize.
(CVE-2023-33864) -
RenderDoc before 1.27 allows local privilege escalation via a symlink attack. It relies on the /tmp/RenderDoc directory regardless of ownership. (CVE-2023-33865)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# @NOAGENT@
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 202311-10.
#
# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include('compat.inc');
if (description)
{
script_id(186270);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/25");
script_cve_id("CVE-2023-33863", "CVE-2023-33864", "CVE-2023-33865");
script_name(english:"GLSA-202311-10 : RenderDoc: Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"");
script_set_attribute(attribute:"description", value:
"The remote host is affected by the vulnerability described in GLSA-202311-10 (RenderDoc: Multiple Vulnerabilities)
- SerialiseValue in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow.
0xffffffff is sign-extended to 0xffffffffffffffff (SIZE_MAX) and then there is an attempt to add 1.
(CVE-2023-33863)
- StreamReader::ReadFromExternal in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer
Overflow. It uses uint32_t(m_BufferSize-m_InputSize) even though m_InputSize can exceed m_BufferSize.
(CVE-2023-33864)
- RenderDoc before 1.27 allows local privilege escalation via a symlink attack. It relies on the
/tmp/RenderDoc directory regardless of ownership. (CVE-2023-33865)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://security.gentoo.org/glsa/202311-10");
script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=908031");
script_set_attribute(attribute:"solution", value:
"All RenderDoc users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose >=media-gfx/renderdoc-1.27");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-33864");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/06/07");
script_set_attribute(attribute:"patch_publication_date", value:"2023/11/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/25");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:renderdoc");
script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Gentoo Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
exit(0);
}
include('qpkg.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/Gentoo/release')) audit(AUDIT_OS_NOT, 'Gentoo');
if (!get_kb_item('Host/Gentoo/qpkg-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var flag = 0;
var packages = [
{
'name' : 'media-gfx/renderdoc',
'unaffected' : make_list("ge 1.27"),
'vulnerable' : make_list("lt 1.27")
}
];
foreach var package( packages ) {
if (isnull(package['unaffected'])) package['unaffected'] = make_list();
if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();
if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : qpkg_report_get()
);
exit(0);
}
else
{
qpkg_tests = list_uniq(qpkg_tests);
var tested = qpkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'RenderDoc');
}
Related
nessus
nessus
Debian DLA-3501-1 : renderdoc - LTS security update
2023-07-25 00:00:00
openSUSE 15 Security Update : renderdoc (openSUSE-SU-2023:0253-1)
2023-09-26 00:00:00
gentoo
gentoo
RenderDoc: Multiple Vulnerabilities
2023-11-25 00:00:00
openvas
openvas
openSUSE: Security Advisory for renderdoc (openSUSE-SU-2023:0253-1)
2024-03-04 00:00:00
Debian: Security Advisory (DLA-3501-1)
2023-07-25 00:00:00
qualysblog
qualysblog
Behind the Screen: Three Vulnerabilities in RenderDoc
2023-06-06 17:01:32
osv
osv
renderdoc - security update
2023-07-25 00:00:00
CVE-2023-33865
2023-06-07 20:15:10
CVE-2023-33864
2023-06-07 20:15:10
debian
debian
[SECURITY] [DLA 3501-1] renderdoc security update
2023-07-25 04:55:40
packetstorm
packetstorm
RenderDoc 1.26 Local Privilege Escalation / Remote Code Execution
2023-06-08 00:00:00
zdt
zdt
thn
thn
Urgent Security Updates: Cisco and VMware Address Critical Vulnerabilities
2023-06-08 05:18:00
cve
cve
ubuntucve
ubuntucve
nvd
nvd
prion
prion
Integer overflow
2023-06-07 20:15:00
Integer overflow
2023-06-07 20:15:00
Design/Logic Flaw
2023-06-07 20:15:00
cvelist
cvelist
debiancve
debiancve
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.2 High
AI Score
Confidence
Low
0.011 Low
EPSS
Percentile
84.8%
Related for GENTOO_GLSA-202311-10.NASL