openSUSE-SU-2023:0253-1

Published: 25 Sep 2023
Source: suse-cvrf

Description

Security update for renderdoc

This update for renderdoc fixes the following issues:

Security issues fixed:

  • CVE-2023-33863: integer overflow to heap-based buffer overflow
  • CVE-2023-33864: integer underflow to heap-based buffer overflow
  • CVE-2023-33865: symlink vulnerability in /tmp/RenderDoc

Package list

SUSE Package Hub 15 SP5

  • renderdoc-1.24-bp155.2.3.1
  • renderdoc-devel-1.24-bp155.2.3.1

openSUSE Leap 15.5

  • renderdoc-1.24-bp155.2.3.1
  • renderdoc-devel-1.24-bp155.2.3.1

Description

SerialiseValue in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. 0xffffffff is sign-extended to 0xffffffffffffffff (SIZE_MAX) and then there is an attempt to add 1.


Affected products
SUSE Package Hub 15 SP5:renderdoc-1.24-bp155.2.3.1
SUSE Package Hub 15 SP5:renderdoc-devel-1.24-bp155.2.3.1
openSUSE Leap 15.5:renderdoc-1.24-bp155.2.3.1
openSUSE Leap 15.5:renderdoc-devel-1.24-bp155.2.3.1

References

Description

StreamReader::ReadFromExternal in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. It uses uint32_t(m_BufferSize-m_InputSize) even though m_InputSize can exceed m_BufferSize.
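
The two integer-arithmetic bug classes described above (a 0xffffffff length sign-extended to SIZE_MAX before adding 1, and a uint32_t difference taken when m_InputSize exceeds m_BufferSize), shown beside bounds-checked forms. This is an added C example, not RenderDoc source code; every function name and the max_len cap are hypothetical.

```c
/* Added illustration; not RenderDoc source. All names are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Pattern 1: a 32-bit length read from input is treated as signed, so
 * 0xffffffff sign-extends to SIZE_MAX when widened, and the +1 wraps to 0.
 * A caller sizing an allocation with this result gets a 0-byte buffer. */
size_t alloc_size_unchecked(uint32_t wire_len) {
    int32_t as_signed = (int32_t)wire_len;   /* 0xffffffff becomes -1 */
    return (size_t)as_signed + 1;            /* SIZE_MAX + 1 wraps to 0 */
}

/* Hardened: keep the length unsigned, cap it, and reject wraparound. */
bool alloc_size_checked(uint32_t wire_len, size_t max_len, size_t *out) {
    size_t n = wire_len;                     /* zero-extended */
    if (n > max_len || n > SIZE_MAX - 1) return false;
    *out = n + 1;
    return true;
}

/* Pattern 2: when input_size exceeds buffer_size the unsigned subtraction
 * wraps, and truncating to uint32_t yields a huge "remaining" count. */
uint32_t remaining_unchecked(uint64_t buffer_size, uint64_t input_size) {
    return (uint32_t)(buffer_size - input_size);
}

/* Hardened: compare before subtracting, and refuse a lossy narrowing. */
bool remaining_checked(uint64_t buffer_size, uint64_t input_size,
                       uint32_t *out) {
    if (input_size > buffer_size) return false;
    uint64_t diff = buffer_size - input_size;
    if (diff > UINT32_MAX) return false;
    *out = (uint32_t)diff;
    return true;
}

int main(void) {
    size_t n = 0;
    uint32_t r = 0;
    /* Constructed sample values, chosen to hit each edge case. */
    printf("unchecked alloc size: %zu\n", alloc_size_unchecked(0xffffffffu));
    printf("checked alloc ok: %d\n",
           alloc_size_checked(0xffffffffu, (size_t)1 << 20, &n));
    printf("unchecked remaining: %u\n", (unsigned)remaining_unchecked(16, 24));
    printf("checked remaining ok: %d\n", remaining_checked(16, 24, &r));
    return 0;
}
```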


Affected products
SUSE Package Hub 15 SP5:renderdoc-1.24-bp155.2.3.1
SUSE Package Hub 15 SP5:renderdoc-devel-1.24-bp155.2.3.1
openSUSE Leap 15.5:renderdoc-1.24-bp155.2.3.1
openSUSE Leap 15.5:renderdoc-devel-1.24-bp155.2.3.1

References

Description

RenderDoc before 1.27 allows local privilege escalation via a symlink attack. It relies on the /tmp/RenderDoc directory regardless of ownership.


Affected products
SUSE Package Hub 15 SP5:renderdoc-1.24-bp155.2.3.1
SUSE Package Hub 15 SP5:renderdoc-devel-1.24-bp155.2.3.1
openSUSE Leap 15.5:renderdoc-1.24-bp155.2.3.1
openSUSE Leap 15.5:renderdoc-devel-1.24-bp155.2.3.1

References
Vulnerability openSUSE-SU-2023:0253-1