CVE-2023-33863

9.8 CRITICAL

📋 TL;DR

CVE-2023-33863 is an integer overflow vulnerability in RenderDoc's SerialiseValue function that leads to buffer overflow, potentially allowing remote code execution or local privilege escalation. Users of RenderDoc versions before 1.27 are affected, particularly developers and security researchers who use this graphics debugging tool.

💻 Affected Systems

Products:
  • RenderDoc
Versions: All versions before 1.27
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: RenderDoc is typically installed by developers and graphics professionals, not general users

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise via remote code execution, leading to complete control of affected systems

🟠 Likely Case: Local privilege escalation allowing attackers to gain elevated privileges on systems where RenderDoc is installed

🟢 If Mitigated: Limited impact if RenderDoc is not running or network access is restricted

🌐 Internet-Facing: MEDIUM - Exploitation requires RenderDoc to be running and accessible, which is less common for internet-facing systems
🏢 Internal Only: HIGH - Development and testing environments often have RenderDoc installed with elevated privileges

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit details available in security advisories, making exploitation straightforward for attackers

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.27 and later

Vendor Advisory: https://renderdoc.org/

Restart Required: Yes

Instructions:

1. Download RenderDoc 1.27 or later from renderdoc.org
2. Uninstall the previous version
3. Install the new version
4. Restart the system

🔧 Temporary Workarounds

Disable RenderDoc Service (Linux)

Stop and disable RenderDoc from running as a service:

  sudo systemctl stop renderdoc
  sudo systemctl disable renderdoc

Network Isolation (Linux)

Block network access to RenderDoc's default port using firewall rules:

  sudo ufw deny from any to any port 38920
  sudo iptables -A INPUT -p tcp --dport 38920 -j DROP

🧯 If You Can't Patch

  • Remove RenderDoc from production systems entirely
  • Implement strict network segmentation to isolate systems with RenderDoc installed

🔍 How to Verify

Check if Vulnerable:

Check the RenderDoc version with qrenderdoc --version, or examine the installed version in Program Files on Windows.

Check Version:

qrenderdoc --version

Verify Fix Applied:

Confirm version is 1.27 or higher using qrenderdoc --version
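As an added example (not part of this advisory), the following POSIX shell script compares a version string against the fixed release 1.27 by numeric major/minor parts rather than string comparison, so a version such as 1.3 is correctly reported as older than 1.27. It assumes qrenderdoc prints its version on its first output line; that output format is an assumption.

```shell
#!/bin/sh
# Added example: version check for CVE-2023-33863 (fixed in RenderDoc 1.27).
FIXED_MAJOR=1
FIXED_MINOR=27

# renderdoc_is_fixed VERSION_STRING
#   exit 0 if the version is 1.27 or later, 1 if older, 2 if no version found.
renderdoc_is_fixed() {
    # Pull the first dotted number out of the string ("v1.28", "RenderDoc 1.30.1", ...).
    ver=$(printf '%s' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p')
    [ -n "$ver" ] || return 2
    major=${ver%%.*}
    case "$ver" in
        *.*) rest=${ver#*.}; minor=${rest%%.*} ;;
        *)   minor=0 ;;
    esac
    # Numeric comparison: "1.3" (minor 3) must not be mistaken for newer than 1.27.
    if [ "$major" -gt "$FIXED_MAJOR" ]; then
        return 0
    elif [ "$major" -eq "$FIXED_MAJOR" ] && [ "$minor" -ge "$FIXED_MINOR" ]; then
        return 0
    fi
    return 1
}

# renderdoc_check: query the installed binary (assumed to print its version on
# the first line of output) and report whether the fix is present.
renderdoc_check() {
    if ! command -v qrenderdoc >/dev/null 2>&1; then
        echo "qrenderdoc not found on PATH: RenderDoc not installed here"
        return 0
    fi
    out=$(qrenderdoc --version 2>&1 | head -n 1)
    if renderdoc_is_fixed "$out"; then
        echo "RenderDoc '$out' is 1.27 or later: CVE-2023-33863 fixed"
    else
        echo "RenderDoc '$out' is older than 1.27: vulnerable to CVE-2023-33863"
    fi
}
```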

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from RenderDoc
  • Memory access violations in RenderDoc logs
  • Network connections to RenderDoc default port 38920

Network Indicators:

  • Traffic to/from port 38920 (RenderDoc default)
  • Unexpected network connections to RenderDoc instances

SIEM Query:

process_name:"qrenderdoc" AND (event_type:"process_creation" OR event_type:"network_connection")
