CVE-2017-4949 — Use After Free in Vmware Fusion

CWE-416 — Use After Free3 documents3 sources

Severity

7.0HIGHNVD

EPSS

0.1%

top 77.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Fusion Vmware Workstation Vmware Workstation PRO Player

Timeline

PublishedJan 11

Latest updateMay 14

Description

VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages4 packages

▶NVDvmware/fusion8.0 — 8.5.10+1

▶NVDvmware/workstation12.0 — 12.5.9+1

▶CVEListV5vmware/fusion10.x before 10.1.1, 8.x before 8.5.10+1

▶CVEListV5vmware/workstation_pro_player12.x before 12.5.9, 14.x before 14.1.1+1

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-xp8m-46mm-88p5: VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled↗2022-05-14

▶

CVEList

CVE-2017-4949: VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled↗2018-01-11

▶