CVE-2023-33864 Common Vulnerabilities and Exposures

Upstream information

CVE-2023-33864 at MITRE

Description

StreamReader::ReadFromExternal in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. It uses uint32_t(m_BufferSize-m_InputSize) even though m_InputSize can exceed m_BufferSize.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having critical severity.

CVSS v3 Scores
	National Vulnerability Database
Base Score	9.8
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector	Network
Attack Complexity	Low
Privileges Required	None
User Interaction	None
Scope	Unchanged
Confidentiality Impact	High
Integrity Impact	High
Availability Impact	High
CVSSv3 Version	3.1

SUSE Bugzilla entry: 1212088 [NEW]

SUSE Security Advisories:

openSUSE-SU-2023:0253-1, published Mon Sep 25 16:45:45 2023

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Package Hub 15 SP5	`renderdoc >= 1.24-bp155.2.3.1` `renderdoc-devel >= 1.24-bp155.2.3.1`	Patchnames: openSUSE-2023-253
openSUSE Leap 15.5	`renderdoc >= 1.24-bp155.2.3.1` `renderdoc-devel >= 1.24-bp155.2.3.1`	Patchnames: openSUSE-2023-253
openSUSE Tumbleweed	`renderdoc >= 1.27-1.1` `renderdoc-devel >= 1.27-1.1`	Patchnames: openSUSE Tumbleweed GA renderdoc-1.27-1.1

SUSE Timeline for this CVE

CVE page created: Tue Jun 6 20:00:02 2023
CVE page last modified: Mon Sep 25 18:08:18 2023