CVE-2023-33863

9.8 CRITICAL

Published: June 07, 2023 Modified: November 03, 2025

Description

SerialiseValue in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. 0xffffffff is sign-extended to 0xffffffffffffffff (SIZE_MAX) and then there is an attempt to add 1.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://packetstormsecurity.com/files/172804/RenderDoc-1.26-Local-Privilege-Escalation-Remote-Code-Execution.html

Source: cve@mitre.org

Exploit Third Party Advisory VDB Entry

http://seclists.org/fulldisclosure/2023/Jun/2

Source: cve@mitre.org

Exploit Mailing List Third Party Advisory

https://lists.debian.org/debian-lts-announce/2023/07/msg00023.html

Source: cve@mitre.org

Third Party Advisory

https://renderdoc.org/

Source: cve@mitre.org

Product

https://security.gentoo.org/glsa/202311-10

Source: cve@mitre.org

https://www.qualys.com/2023/06/06/renderdoc/renderdoc.txt

Source: cve@mitre.org

Exploit Third Party Advisory

http://packetstormsecurity.com/files/172804/RenderDoc-1.26-Local-Privilege-Escalation-Remote-Code-Execution.html