Fluid Attacks Database

Description

SerialiseValue in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. 0xffffffff is sign-extended to 0xffffffffffffffff (SIZE_MAX) and then there is an attempt to add 1.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	renderdoc	=1.11+dfsg-5 \|\| >=0 <1.11+dfsg-5+deb11u1	1.11+dfsg-5+deb11u1
debian 12	renderdoc	=1.24+dfsg-1 \|\| >=0 <1.24+dfsg-1+deb12u1	1.24+dfsg-1+deb12u1

Aliases

1. CVE-2023-338632. NVD-2023-338633. OSV-DEBIAN-2023-338634. OSV-2023-338635. SECURITY-TRACKER-CVE-2023-33863

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.