CVE-2023-34059

CWE-404CWE-26613 documents8 sources
Severity
7.0HIGH
EPSS
0.1%
top 75.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Vmware Open VM ToolsDebian Debian Linux
Timeline
PublishedOct 27
Latest updateAug 24

Description

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 1.4 | Impact: 5.9

Affected Packages4 packages

NVDvmware/open_vm_tools11.0.012.3.0
Debianopen-vm-tools< 2:11.2.5-2+deb11u3+3
Ubuntuopen-vm-tools< 2:11.3.0-2ubuntu0~ubuntu20.04.7+2
CVEListV5open-vm-tools11.0.012.3.0

Also affects: Debian Linux 10.0, 11.0, 12.0

Patches

Patch: www.openwall.comPatch: www.openwall.com

🔴Vulnerability Details

6
OSV
open-vm-tools vulnerabilities2025-08-24
OSV
open-vm-tools vulnerabilities2023-12-06
OSV
open-vm-tools vulnerabilities2023-10-31
CVEList
CVE-2023-34059: open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper2023-10-27
GHSA
GHSA-q6p8-m5f4-4vmp: open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper2023-10-27

📋Vendor Advisories

6
Ubuntu
Open VM Tools vulnerabilities2025-08-24
Ubuntu
Open VM Tools vulnerabilities2023-12-06
Ubuntu
Open VM Tools vulnerabilities2023-10-31
Red Hat
open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper2023-10-26
Microsoft
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowin2023-10-10
CVE-2023-34059 (HIGH CVSS 7) | open-vm-tools contains a file descr | cvebase.io