CVE-2017-4941Improper Restriction of Operations within the Bounds of a Memory Buffer in Vmware Fusion

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
8.8HIGHNVD
EPSS
4.8%
top 10.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Vmware FusionVmware WorkstationVmware Esxi
Timeline
PublishedDec 20
Latest updateMay 13

Description

VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual ma

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

CVEListV5vmware/esxi5.5 ESXi550-201709101-SG, 6.0 before ESXi600-201711101-SG+1
NVDvmware/esxi5.5, 6.0+1
NVDvmware/fusion8.0.08.5.9
NVDvmware/workstation12.0.012.5.8
CVEListV5vmware/fusion8.x before 8.5.9

Patches

Patch: www.vmware.comPatch: www.vmware.com

🔴Vulnerability Details

2
GHSA
GHSA-9hmp-hj7f-46vm: VMware ESXi (62022-05-13
CVEList
CVE-2017-4941: VMware ESXi (62017-12-20
CVE-2017-4941 — Vmware Fusion vulnerability | cvebase