CVE-2023-33863 Common Vulnerabilities and Exposures

Upstream information

CVE-2023-33863 at MITRE

Description

SerialiseValue in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. 0xffffffff is sign-extended to 0xffffffffffffffff (SIZE_MAX) and then there is an attempt to add 1.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having critical severity.

CVSS v3 Scores
	National Vulnerability Database
Base Score	9.8
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector	Network
Attack Complexity	Low
Privileges Required	None
User Interaction	None
Scope	Unchanged
Confidentiality Impact	High
Integrity Impact	High
Availability Impact	High
CVSSv3 Version	3.1

SUSE Bugzilla entry: 1212086 [NEW]

SUSE Security Advisories:

openSUSE-SU-2023:0253-1, published Mon Sep 25 16:45:45 2023

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Package Hub 15 SP5	`renderdoc >= 1.24-bp155.2.3.1` `renderdoc-devel >= 1.24-bp155.2.3.1`	Patchnames: openSUSE-2023-253
openSUSE Leap 15.5	`renderdoc >= 1.24-bp155.2.3.1` `renderdoc-devel >= 1.24-bp155.2.3.1`	Patchnames: openSUSE-2023-253
openSUSE Tumbleweed	`renderdoc >= 1.27-1.1` `renderdoc-devel >= 1.27-1.1`	Patchnames: openSUSE Tumbleweed GA renderdoc-1.27-1.1

SUSE Timeline for this CVE

CVE page created: Tue Jun 6 20:00:02 2023
CVE page last modified: Mon Feb 12 19:38:41 2024