CVE-2020-3999
published 2020-12-21CVE-2020-3999: VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x…
medium6.5CVSS 3.1
AVLACLPRLUINSCCNINAH
VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | esxi | — | — |
| vmware | fusion | >= 11.5.0 < 11.5.7 | 11.5.7 |
| vmware | workstation | >= 15.0.0 < 15.5.7 | 15.5.7 |