Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Lifecycle Timeline
4DescriptionCVE.org
Out-of-bounds Read vulnerability in slajerek RetroDebugger.This issue affects RetroDebugger: before v0.64.72.
AnalysisAI
RetroDebugger versions before 0.64.72 contain an out-of-bounds read vulnerability that allows remote attackers to cause denial of service and potentially disclose sensitive information without authentication or user interaction. The network-accessible vulnerability has a CVSS score of 9.1 and a patch is available.
Technical ContextAI
RetroDebugger (CPE: cpe:2.3:a:slajerek:retrodebugger:*:*:*:*:*:*:*:*) is a cross-platform debugging tool for vintage computer systems. The vulnerability stems from CWE-125 (Out-of-bounds Read), where the application reads data beyond the boundaries of allocated memory buffers. This class of vulnerability typically occurs when input validation is insufficient or pointer arithmetic is performed incorrectly, allowing an attacker to access memory locations that should be restricted. In debugging tools that process complex binary formats or protocol data, improper bounds checking during parsing operations can expose internal memory contents or trigger crashes when out-of-bounds addresses are dereferenced.
RemediationAI
Users should immediately upgrade RetroDebugger to version v0.64.72 or later, which contains the fix for the out-of-bounds read vulnerability as documented in GitHub pull request https://github.com/slajerek/RetroDebugger/pull/97. The patch is available directly from the vendor's GitHub repository. Until patching is completed, users should restrict network access to RetroDebugger instances using firewall rules to allow connections only from trusted IP addresses, disable any remote debugging features if not required, and avoid processing untrusted input files or network data. Given the network attack vector with no authentication required, running the software behind a VPN or within isolated network segments provides additional defense-in-depth protection during the upgrade window.
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-14772