CVE-2023-20870

CWE-125 — Out-of-bounds Read5 documents4 sources

Severity

6.0MEDIUM

EPSS

0.0%

top 86.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Fusion Vmware Workstation Vmware Workstation PRO Player (workstation) AND Vmware Fusion

Timeline

PublishedApr 25

Latest updateOct 19

Description

VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:NExploitability: 1.5 | Impact: 4.0

Affected Packages3 packages

▶CVEListV5vmware_workstation_pro_/_player_(workstation)_and_vmware_fusionVMware Workstation (17.x) and VMware Fusion (13.x)

▶NVDvmware/fusion13.0.0 — 13.0.2

▶NVDvmware/workstation17.0.0 — 17.0.2

🔴Vulnerability Details

GHSA

GHSA-96r3-r3f6-cmmr: VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the↗2023-04-26

▶

CVEList

CVE-2023-20870: VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the↗2023-04-25

▶

📋Vendor Advisories

VMware

VMware Fusion and Workstation updates address privilege escalation and information disclosure vulnerabilities (CVE-2023-34044, CVE-2023-34045, CVE-2023-34046)↗2023-10-19

▶

VMware

VMware Workstation and Fusion updates address multiple security vulnerabilities (CVE-2023-20869, CVE-2023-20870, CVE-2023-20871, CVE-2023-20872)↗2023-04-25

▶