CVE-2023-20869 — Out-of-bounds Write in Vmware Fusion

CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

8.2HIGHNVD

EPSS

2.3%

top 15.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Fusion Vmware Workstation Vmware Workstation PRO Player AND Vmware Fusion

Timeline

PublishedApr 25

Latest updateApr 26

Description

VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages3 packages

▶CVEListV5vmware_workstation_pro/player_and_vmware_fusionVMware Workstation (17.x) and VMware Fusion (13.x)

▶NVDvmware/fusion13.0.0 — 13.0.2

▶NVDvmware/workstation17.0.0 — 17.0.2

🔴Vulnerability Details

GHSA

GHSA-xpqq-583w-8g73: VMware Workstation (17↗2023-04-26

▶

CVEList

CVE-2023-20869: VMware Workstation (17↗2023-04-25

▶

📋Vendor Advisories

VMware

VMware Workstation and Fusion updates address multiple security vulnerabilities (CVE-2023-20869, CVE-2023-20870, CVE-2023-20871, CVE-2023-20872)↗2023-04-25

▶