CVE-2017-4950 — Integer Overflow or Wraparound in Vmware Fusion

CWE-190 — Integer Overflow or Wraparound3 documents3 sources

Severity

7.0HIGHNVD

EPSS

0.1%

top 84.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Fusion Vmware Workstation Vmware Workstation PRO Player

Timeline

PublishedJan 11

Latest updateMay 14

Description

VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound read which can then be used to execute code on the host in conjunction with other issues. Note: IPv6 mode for VMNAT is not enabled by default.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages4 packages

▶NVDvmware/fusion8.0 — 8.5.10+1

▶NVDvmware/workstation12.0 — 12.5.9+1

▶CVEListV5vmware/fusion10.x before 10.1.1, 8.x before 8.5.10+1

▶CVEListV5vmware/workstation_pro_player12.x before 12.5.9, 14.x before 14.1.1+1

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-72cc-6qc5-x46j: VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled↗2022-05-14

▶

CVEList

CVE-2017-4950: VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled↗2018-01-11

▶