CVE-2019-5520Out-of-bounds Read in Vmware Fusion

CWE-125Out-of-bounds Read4 documents4 sources
Severity
5.9MEDIUMNVD
EPSS
0.3%
top 47.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Vmware FusionVmware WorkstationVmware Esxi
Timeline
PublishedApr 15
Latest updateMay 14

Description

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds read vulnerability. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of this issue may lead to information disclosure.The workaround for this issue involves disabling the 3D-acceleration feature

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages6 packages

NVDvmware/fusion10.0.010.1.6+1
NVDvmware/workstation14.0.014.1.6+1
CVEListV5vmware/esxi6.5 before ESXi650-201903001, 6.7 before ESXi670-201904101-SG+1
NVDvmware/esxi6.5, 6.7+1
CVEListV5vmware/fusion10.x before 10.1.6, 11.x before 11.0.3+1

Patches

Patch: www.vmware.comPatch: www.vmware.com

🔴Vulnerability Details

2
GHSA
GHSA-hjh7-cxcm-cxcw: VMware ESXi (62022-05-14
CVEList
CVE-2019-5520: VMware ESXi (62019-04-15

📋Vendor Advisories

1
VMware
VMware ESXi, Workstation and Fusion updates address multiple out-of-bounds read vulnerabilities.2019-04-11
CVE-2019-5520 — Out-of-bounds Read in Vmware Fusion | cvebase