CVE-2019-5517Out-of-bounds Read in Vmware Fusion

CWE-125Out-of-bounds Read4 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
0.4%
top 40.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Vmware FusionVmware WorkstationVmware Esxi
Timeline
PublishedApr 15
Latest updateMay 14

Description

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain multiple out-of-bounds read vulnerabilities in the shader translator. Exploitation of these issues requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of these issues may lead to information disclosure or may allow attackers with normal user privile

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.6 | Impact: 5.2

Affected Packages6 packages

NVDvmware/fusion10.0.010.1.6+1
NVDvmware/workstation14.0.014.1.6+1
CVEListV5vmware/esxi6.5 before ESXi650-201903001, 6.7 before ESXi670-201904101-SG+1
NVDvmware/esxi6.5, 6.7+1
CVEListV5vmware/fusion10.x before 10.1.6, 11.x before 11.0.3+1

Patches

Patch: www.vmware.comPatch: www.vmware.com

🔴Vulnerability Details

2
GHSA
GHSA-f5mm-r2x3-3qmq: VMware ESXi (62022-05-14
CVEList
CVE-2019-5517: VMware ESXi (62019-04-15

📋Vendor Advisories

1
VMware
VMware ESXi, Workstation and Fusion updates address multiple out-of-bounds read vulnerabilities.2019-04-11
CVE-2019-5517 — Out-of-bounds Read in Vmware Fusion | cvebase