CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
85.4%
StreamReader::ReadFromExternal in RenderDoc before 1.27 allows an Integer
Overflow with a resultant Buffer Overflow. It uses
uint32_t(m_BufferSize-m_InputSize) even though m_InputSize can exceed
m_BufferSize.
github.com/baldurk/renderdoc/commit/1f72a09e3b4fd8ba45be4b0db4889444ef5179e2 (v1.27)
github.com/baldurk/renderdoc/commit/203fc8382a79d53d2035613d9425d966b1d4958e (v1.27)
github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856 (v1.27)
github.com/baldurk/renderdoc/commit/771aa8e769b72e6a36b31d6e2116db9952dcbe9b (v1.27)
github.com/baldurk/renderdoc/commit/e0464fea4f9a7f149c4ee1d84e5ac57839a4a862 (v1.27)
launchpad.net/bugs/cve/CVE-2023-33864
nvd.nist.gov/vuln/detail/CVE-2023-33864
renderdoc.org/
security-tracker.debian.org/tracker/CVE-2023-33864
www.cve.org/CVERecord?id=CVE-2023-33864
www.openwall.com/lists/oss-security/2023/06/06/3
www.qualys.com/2023/06/06/renderdoc/renderdoc.txt