Lucene search

GoogleOSV:CVE-2023-33865

HistoryJun 07, 2023 - 8:15 p.m.

CVE-2023-33865

2023-06-0720:15:10

Google

osv.dev

cve-2023-33865

symlink attack

local privilege escalation

/tmp/renderdoc directory

software

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.8%

JSON

RenderDoc before 1.27 allows local privilege escalation via a symlink attack. It relies on the /tmp/RenderDoc directory regardless of ownership.

CPENameOperatorVersion
renderdoceq0.34
renderdoceq1.4
renderdoceq1.24
renderdoceq0.28
renderdoceq0.26
renderdoceq1.16
renderdoceq1.20
renderdoceq1.22
renderdoceq0.21
renderdoceq0.22

Name	Operator	Version
renderdoc	eq	0.34
renderdoc	eq	1.4
renderdoc	eq	1.24
renderdoc	eq	0.28
renderdoc	eq	0.26
renderdoc	eq	1.16
renderdoc	eq	1.20
renderdoc	eq	1.22
renderdoc	eq	0.21
renderdoc	eq	0.22

Rows per page:

1-10 of 421

References

packetstormsecurity.com/files/172804/RenderDoc-1.26-Local-Privilege-Escalation-Remote-Code-Execution.html

seclists.org/fulldisclosure/2023/Jun/2

lists.debian.org/debian-lts-announce/2023/07/msg00023.html

renderdoc.org/

security.gentoo.org/glsa/202311-10

www.qualys.com/2023/06/06/renderdoc/renderdoc.txt