Bug#1037208: renderdoc: CVE-2023-33863 CVE-2023-33864 CVE-2023-33865

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1037208: renderdoc: CVE-2023-33863 CVE-2023-33864 CVE-2023-33865
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 07 Jun 2023 20:56:32 +0200
Message-id: <[🔎] 168616419233.1642790.1904456516180698414.reportbug@eldamar.lan>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 1037208@bugs.debian.org

Source: renderdoc
Version: 1.24+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerabilities were published for renderdoc.

CVE-2023-33863[0]:
| integer overflow to heap-based buffer overflow


CVE-2023-33864[1]:
| integer underflow to heap-based buffer overflow


CVE-2023-33865[2]:
| symlink vulnerability in /tmp/RenderDoc


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-33863
    https://www.cve.org/CVERecord?id=CVE-2023-33863
[1] https://security-tracker.debian.org/tracker/CVE-2023-33864
    https://www.cve.org/CVERecord?id=CVE-2023-33864
[2] https://security-tracker.debian.org/tracker/CVE-2023-33865
    https://www.cve.org/CVERecord?id=CVE-2023-33865

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Reply to:

Prev by Date: [Git][xorg-team/vulkan/vulkan-loader][debian-unstable] 2 commits: sync-headers: Support non-sdk tags.
Next by Date: No recibí respuesta
Previous by thread: [Git][xorg-team/vulkan/vulkan-loader][debian-unstable] 2 commits: sync-headers: Support non-sdk tags.
Next by thread: No recibí respuesta
Index(es):
- Date
- Thread