CVE-2019-5527

CWE-416 — Use After Free4 documents4 sources

Severity

8.8HIGH

EPSS

0.0%

top 90.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Fusion Vmware Horizon Vmware Remote Console +2 more

Timeline

PublishedOct 10

Latest updateMay 24

Description

ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages5 packages

▶NVDvmware/fusion11.0.0 — 11.5.0

▶NVDvmware/horizon< 5.2.0

▶NVDvmware/workstation15.0.0 — 15.5.0

▶NVDvmware/esxi6.0, 6.5, 6.7+2

▶NVDvmware/remote_console10.0.0 — 10.0.5

🔴Vulnerability Details

GHSA

GHSA-r6hj-459q-h63h: ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device↗2022-05-24

▶

CVEList

CVE-2019-5527: ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device↗2019-10-10

▶

📋Vendor Advisories

VMware

VMware ESXi, Workstation, Fusion, VMRC and Horizon Client updates address use-after-free and denial of service vulnerabilities. (CVE-2019-5527, CVE-2019-5535)↗2019-09-19

▶