CVE-2019-5515 — Out-of-bounds Write in Vmware Fusion

CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

8.8HIGHNVD

EPSS

4.1%

top 11.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Fusion Vmware Workstation Vmware Workstation AND Fusion

Timeline

PublishedApr 2

Latest updateMay 14

Description

VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) and Fusion (11.x before 11.0.3, 10.x before 10.1.6) updates address an out-of-bounds write vulnerability in the e1000 and e1000e virtual network adapters. Exploitation of this issue may lead to code execution on the host from the guest but it is more likely to result in a denial of service of the guest.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5vmware/vmware_workstation_and_fusion4 versions+3

▶NVDvmware/fusion10.0.0 — 10.1.6+1

▶NVDvmware/workstation14.0.0 — 14.1.6+1

🔴Vulnerability Details

GHSA

GHSA-ggc8-vp3r-5j38: VMware Workstation (15↗2022-05-14

▶

CVEList

CVE-2019-5515: VMware Workstation (15↗2019-04-02

▶

📋Vendor Advisories

VMware

VMware ESXi, Workstation and Fusion updates address multiple security issues.↗2019-03-28

▶