CVE-2018-6982

CWE-908 — Use of Uninitialized Resource3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.3%

top 43.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Fusion Vmware Workstation Vmware Vmware Esxi +1 more

Timeline

PublishedDec 4

Latest updateMay 13

Description

VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may lead to an information leak from host to guest.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 2.0 | Impact: 4.0

Affected Packages4 packages

▶NVDvmware/esxi6.0, 6.5, 6.7+2

▶CVEListV5vmware/vmware_esxiVMware ESXi 6.7 without ESXi670-201811401-BG, VMware ESXi 6.5 without ESXi650-201811301-BG

▶NVDvmware/fusion10.0.0 — 10.1.4+1

▶NVDvmware/workstation14.0.0 — 14.1.4+1

🔴Vulnerability Details

GHSA

GHSA-pwjr-88cq-mmr3: VMware ESXi 6↗2022-05-13

▶

CVEList

CVE-2018-6982: VMware ESXi 6↗2018-12-04

▶