Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 908031 (CVE-2023-33863, CVE-2023-33864, CVE-2023-33865)

Summary: <media-gfx/renderdoc-1.27: multiple vulnerabilities
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: matthew
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.qualys.com/2023/06/06/renderdoc/renderdoc.txt
Whiteboard: B1 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 908204    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-06-08 03:41:23 UTC 
CVE-2023-33865:

RenderDoc through 1.26 allows local privilege escalation via a symlink attack.

CVE-2023-33864:

RenderDoc through 1.26 allows an Integer Overflow with a resultant Buffer Overflow (issue 2 of 2).

CVE-2023-33863:

RenderDoc through 1.26 allows an Integer Overflow with a resultant Buffer Overflow (issue 1 of 2).

"- CVE-2023-33865, a symlink vulnerability that is exploitable by any
  unprivileged local attacker to obtain the privileges of the user who
  runs RenderDoc. The exact details of this symlink vulnerability made
  it quite interesting and challenging to exploit.

- CVE-2023-33864, an integer underflow that results in a heap-based
  buffer overflow that is exploitable by any remote attacker to execute
  arbitrary code on the machine that runs RenderDoc. The unusual malloc
  exploitation technique that we used to exploit this vulnerability is
  reliable, one-shot, and works despite all the latest glibc, ASLR, PIE,
  NX, and stack-canary protections.

- CVE-2023-33863, an integer overflow that results in a heap-based
  buffer overflow and may be exploitable by a remote attacker to execute
  arbitrary code on the machine that runs RenderDoc (but we have not
  tried to exploit this vulnerability)."

Fixes in 1.27, please bump.
Comment 1 Larry the Git Cow gentoo-dev 2023-06-09 16:49:48 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=43f654a060813a88209ab9998291b3701eacf86e

commit 43f654a060813a88209ab9998291b3701eacf86e
Author:     Matthew Smith <matthew@gentoo.org>
AuthorDate: 2023-06-09 16:49:18 +0000
Commit:     Matthew Smith <matthew@gentoo.org>
CommitDate: 2023-06-09 16:49:36 +0000

    media-gfx/renderdoc: add 1.27
    
    Bug: https://bugs.gentoo.org/908031
    Signed-off-by: Matthew Smith <matthew@gentoo.org>

 media-gfx/renderdoc/Manifest                       |   2 +
 .../renderdoc/files/renderdoc-1.27-env-home.patch  |  15 ++
 media-gfx/renderdoc/renderdoc-1.27.ebuild          | 202 +++++++++++++++++++++
 3 files changed, 219 insertions(+)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-06-12 04:42:22 UTC 
Thanks! Please cleanup.
Comment 3 Larry the Git Cow gentoo-dev 2023-06-23 09:01:42 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d523e2ed9e0302c57fb425341ceec2995a6daa4c

commit d523e2ed9e0302c57fb425341ceec2995a6daa4c
Author:     Matthew Smith <matthew@gentoo.org>
AuthorDate: 2023-06-23 08:58:09 +0000
Commit:     Matthew Smith <matthew@gentoo.org>
CommitDate: 2023-06-23 08:58:09 +0000

    media-gfx/renderdoc: drop 1.24, security cleanup
    
    Bug: https://bugs.gentoo.org/908031
    Signed-off-by: Matthew Smith <matthew@gentoo.org>

 media-gfx/renderdoc/Manifest                       |   2 -
 .../renderdoc/files/renderdoc-1.24-env-home.patch  |  15 --
 media-gfx/renderdoc/renderdoc-1.24.ebuild          | 203 ---------------------
 3 files changed, 220 deletions(-)
Comment 4 Matthew Smith gentoo-dev 2023-06-23 09:08:20 UTC 
Sorry for the delay.

On the GLSA-worthiness of these issues, I don't think one is required. It's not commonly installed software, mostly used to debug trusted applications, and the server defaults to listening on localhost.
Comment 5 Larry the Git Cow gentoo-dev 2023-11-25 09:37:02 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=335f69a9cbc971132afe551e722b25032997f1b5

commit 335f69a9cbc971132afe551e722b25032997f1b5
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-11-25 09:36:29 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-11-25 09:36:55 +0000

    [ GLSA 202311-10 ] RenderDoc: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/908031
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202311-10.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)