CVE-2020-3990

CWE-125Out-of-bounds ReadCWE-190Integer Overflow4 documents4 sources
Severity
6.5MEDIUM
EPSS
0.0%
top 87.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Vmware Horizon ClientVmware Workstation PlayerVmware Workstation PRO
Timeline
PublishedSep 16
Latest updateMay 24

Description

VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by d

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 2.0 | Impact: 4.0

Affected Packages4 packages

CVEListV5vmware_workstation_and_horizon_client_for_windowsVMware Workstation (15.x), Horizon Client for Windows (5.x before 5.4.4)
NVDvmware/horizon_client5.0.05.4.4
NVDvmware/workstation_pro15.0.016.0.0
NVDvmware/workstation_player15.0.016.0.0

🔴Vulnerability Details

2
GHSA
GHSA-pvj6-h4hj-8v43: VMware Workstation (152022-05-24
CVEList
CVE-2020-3990: VMware Workstation (152020-09-16

📋Vendor Advisories

1
VMware
VMware Workstation, Fusion and Horizon Client updates address multiple security vulnerabilities (CVE-2020-3980, CVE-2020-3986, CVE-2020-3987, CVE-2020-3988, CVE-2020-3989, CVE-2020-3990)2020-09-14
CVE-2020-3990 (MEDIUM CVSS 6.5) | VMware Workstation (15.x) and Horiz | cvebase.io