Skip to main content

Retrodebugger EUVDEUVD-2026-14772

| CVE-2026-4753 CRITICAL
Out-of-bounds Read (CWE-125)
2026-03-24 GovTech CSG
9.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

4
EUVD ID Assigned
Mar 24, 2026 - 06:15 euvd
EUVD-2026-14772
Analysis Generated
Mar 24, 2026 - 06:15 vuln.today
Patch released
Mar 24, 2026 - 06:15 nvd
Patch available
CVE Published
Mar 24, 2026 - 05:41 nvd
CRITICAL 9.1

DescriptionCVE.org

Out-of-bounds Read vulnerability in slajerek RetroDebugger.This issue affects RetroDebugger: before v0.64.72.

AnalysisAI

RetroDebugger versions before 0.64.72 contain an out-of-bounds read vulnerability that allows remote attackers to cause denial of service and potentially disclose sensitive information without authentication or user interaction. The network-accessible vulnerability has a CVSS score of 9.1 and a patch is available.

Technical ContextAI

RetroDebugger (CPE: cpe:2.3:a:slajerek:retrodebugger:*:*:*:*:*:*:*:*) is a cross-platform debugging tool for vintage computer systems. The vulnerability stems from CWE-125 (Out-of-bounds Read), where the application reads data beyond the boundaries of allocated memory buffers. This class of vulnerability typically occurs when input validation is insufficient or pointer arithmetic is performed incorrectly, allowing an attacker to access memory locations that should be restricted. In debugging tools that process complex binary formats or protocol data, improper bounds checking during parsing operations can expose internal memory contents or trigger crashes when out-of-bounds addresses are dereferenced.

RemediationAI

Users should immediately upgrade RetroDebugger to version v0.64.72 or later, which contains the fix for the out-of-bounds read vulnerability as documented in GitHub pull request https://github.com/slajerek/RetroDebugger/pull/97. The patch is available directly from the vendor's GitHub repository. Until patching is completed, users should restrict network access to RetroDebugger instances using firewall rules to allow connections only from trusted IP addresses, disable any remote debugging features if not required, and avoid processing untrusted input files or network data. Given the network attack vector with no authentication required, running the software behind a VPN or within isolated network segments provides additional defense-in-depth protection during the upgrade window.

Share

EUVD-2026-14772 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy