CVE-2020-3959

CWE-401Memory LeakCWE-119Buffer Overflow4 documents4 sources
Severity
3.3LOW
EPSS
0.1%
top 73.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Vmware FusionVmware WorkstationVmware Vmware Esxi+3 more
Timeline
PublishedMay 29
Latest updateMay 24

Description

VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.1.0) and VMware Fusion (11.x before 11.1.0) contain a memory leak vulnerability in the VMCI module. A malicious actor with local non-administrative access to a virtual machine may be able to crash the virtual machine's vmx process leading to a partial denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 1.8 | Impact: 1.4

Affected Packages6 packages

NVDvmware/fusion11.0.011.1.0
NVDvmware/workstation15.0.015.1.0
NVDvmware/esxi6.5, 6.7+1
CVEListV5vmware/vmware_esxi6.5 before ESXi650-202005401-SG, 6.7 before ESXi670-202004101-SG+1
CVEListV5vmware/vmware_fusion11.x before 11.1.0

🔴Vulnerability Details

2
GHSA
GHSA-h8p9-vqgm-6wpx: VMware ESXi (62022-05-24
CVEList
CVE-2020-3959: VMware ESXi (62020-05-29

📋Vendor Advisories

1
VMware
VMware ESXi, Workstation, Fusion, VMware Remote Console and Horizon Client updates address multiple security vulnerabilities (CVE-2020-3957, CVE-2020-3958, CVE-2020-3959)2020-05-28