CVE-2023-20872Out-of-bounds Write in Workstation PRO Player AND Vmware Fusion

CWE-787Out-of-bounds Write4 documents4 sources
Severity
8.8HIGHNVD
EPSS
0.8%
top 26.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Vmware Workstation PRO Player AND Vmware FusionVmware FusionVmware Workstation
Timeline
PublishedApr 25

Description

VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages3 packages

CVEListV5vmware_workstation_pro/player_and_vmware_fusionVMware Workstation (17.x) and VMware Fusion (13.x)
NVDvmware/fusion13.0.0
NVDvmware/workstation17.0.0

🔴Vulnerability Details

2
GHSA
GHSA-q43r-9cg8-m76q: VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation2023-04-25
CVEList
CVE-2023-20872: VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation2023-04-25

📋Vendor Advisories

1
VMware
VMware Workstation and Fusion updates address multiple security vulnerabilities (CVE-2023-20869, CVE-2023-20870, CVE-2023-20871, CVE-2023-20872)2023-04-25
CVE-2023-20872 — Out-of-bounds Write | cvebase