PT-2023-3263 · Renderdoc · Renderdoc

Published

2023-05-19

Updated

2025-01-07

CVE-2023-33865

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions RenderDoc versions prior to 1.27

Description The issue is related to the incorrect handling of symbolic links before accessing a file in the RenderDoc library. This can allow an attacker to escalate their privileges. The vulnerability relies on the /tmp/RenderDoc directory, regardless of its ownership.

Recommendations For versions prior to 1.27, update to version 1.27 or later to resolve the issue. As a temporary workaround, consider restricting access to the /tmp/RenderDoc directory to minimize the risk of exploitation.

Exploit

Fix

LPE

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

BDU:2023-03384

CVE-2023-33865

DLA-3501-1

DLA-3987-1

OPENSUSE-SU-2023:0253-1

OPENSUSE-SU-2024:12986-1

Affected Products

Renderdoc

PT-2023-3263 · Renderdoc · Renderdoc

CVE-2023-33865

Weakness Enumeration

Related Identifiers

Affected Products

References · 40