PT-2023-3263 · Renderdoc · Renderdoc

Publicado

2023-05-19

Atualizado

2025-01-07

CVE-2023-33865

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions RenderDoc versions prior to 1.27

Description The issue is related to the incorrect handling of symbolic links before accessing a file in the RenderDoc library. This can allow an attacker to escalate their privileges. The vulnerability relies on the /tmp/RenderDoc directory, regardless of its ownership.

Recommendations For versions prior to 1.27, update to version 1.27 or later to resolve the issue. As a temporary workaround, consider restricting access to the /tmp/RenderDoc directory to minimize the risk of exploitation.

Exploit

Correção

LPE

Link Following

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-59

Identificadores relacionados

BDU:2023-03384

CVE-2023-33865

DLA-3501-1

DLA-3987-1

OPENSUSE-SU-2023:0253-1

OPENSUSE-SU-2024:12986-1

Produtos afetados

Renderdoc

PT-2023-3263 · Renderdoc · Renderdoc

CVE-2023-33865

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 40