CVE-2020-3951

CWE-787Out-of-bounds Write4 documents4 sources
Severity
3.8LOW
EPSS
0.1%
top 69.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Vmware Horizon ClientVmware Workstation
Timeline
PublishedMar 17
Latest updateMay 24

Description

VMware Workstation (15.x before 15.5.2) and Horizon Client for Windows (5.x and prior before 5.4.0) contain a denial-of-service vulnerability due to a heap-overflow issue in Cortado Thinprint. Attackers with non-administrative access to a guest VM with virtual printing enabled may exploit this issue to create a denial-of-service condition of the Thinprint service running on the system where Workstation or Horizon Client is installed.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:LExploitability: 2.0 | Impact: 1.4

Affected Packages3 packages

CVEListV5vmware_workstation_and_horizon_client_for_windowsVMware Workstation (15.x before 15.5.2) and Horizon Client for Windows (5.x and prior before 5.4.0)
NVDvmware/horizon_client5.0.05.4.0
NVDvmware/workstation15.0.015.5.2

🔴Vulnerability Details

2
GHSA
GHSA-gj73-m2qr-829r: VMware Workstation (152022-05-24
CVEList
CVE-2020-3951: VMware Workstation (152020-03-17

📋Vendor Advisories

1
VMware
VMware Workstation, Fusion, VMware Remote Console and Horizon Client updates address privilege escalation and denial-of-service vulnerabilities (CVE-2020-3950, CVE-2020-3951)2020-03-17
CVE-2020-3951 (LOW CVSS 3.8) | VMware Workstation (15.x before 15. | cvebase.io