Three critical vulnerabilities have been found in RenderDoc, a graphics debugger that supports several operating systems, including Windows, Linux, Android and Nintendo Switch.
The software holds a prominent place in the game development software space, as it integrates seamlessly with major game engines such as Unity and Unreal.
According to the findings of cybersecurity experts from the Qualys Threat Research Unit (TRU), a trio of vulnerabilities has been discovered, comprising one instance of privilege escalation and two heap-based buffer overflows.
The first of these flaws (tracked as CVE-2023-33865) is a symlink vulnerability that can be exploited by a local attacker with no privilege requirement, potentially granting them the privileges of the RenderDoc user.
The second (tracked as CVE-2023-33864) involves an integer underflow that leads to a heap-based buffer overflow. This vulnerability can be remotely exploited by an attacker to execute arbitrary code on the host machine.
The third vulnerability (tracked as CVE-2023-33863) is an integer overflow that results in a heap-based buffer overflow. While Qualys reported that no exploitation attempts have been made so far, the flaw could be exploited by a remote attacker to run arbitrary code on the target device.
“These three vulnerabilities serve as a sobering reminder of the continual vigilance required in our digital environment,” said Saeed Abbasi, manager of vulnerability investigation at Qualys.
The security expert also emphasised that understanding these vulnerabilities serves as the first step in strengthening companies’ defenses.
“Qualys strongly advises security teams to apply patches for these vulnerabilities as soon as possible,” Abbasi concluded.
More information about the flaws is available on Qualys’s blog.
Some parts of this article are sourced from:
www.infosecurity-journal.com