CVE-2019-5518 — Out-of-bounds Read in Vmware Fusion

CWE-125 — Out-of-bounds Read CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

6.8MEDIUMNVD

EPSS

0.1%

top 74.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Fusion Vmware Workstation Vmware Esxi

Timeline

PublishedApr 1

Latest updateMay 13

Description

VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain an out-of-bounds read/write vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code on the ho…

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages3 packages

▶NVDvmware/fusion10.0.0 — 10.1.6+1

▶NVDvmware/workstation14.0.0 — 14.1.7+1

▶NVDvmware/esxi6.0, 6.5, 6.7+2

🔴Vulnerability Details

GHSA

GHSA-v3rr-cmxc-fgwv: VMware ESXi (6↗2022-05-13

▶

CVEList

CVE-2019-5518: VMware ESXi (6↗2019-04-01

▶

📋Vendor Advisories

VMware

VMware ESXi, Workstation and Fusion updates address multiple security issues.↗2019-03-28

▶