CVE-2024-37086

CWE-125: Out-of-bounds Read | 3 documents | 3 sources
Severity: 6.8 MEDIUM
EPSS: 0.1% (top 77.90%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 25

Description

VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the host.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Exploitability: 2.5 | Impact: 4.2

Affected Packages (4 packages)

NVD | vmware/esxi | 7.0, 8.0 +1
CVEListV5 | esxi | 8.0 | ESXi80U3-24022510 +1
NVD | vmware/cloud_foundation | 4.0 | 5.2
CVEListV5 | vmware_cloud_foundation | 4.x, 5.x +1

🔴 Vulnerability Details (2)

GHSA | GHSA-rf2p-c3v5-v8fm: VMware ESXi contains an out-of-bounds read vulnerability | 2024-06-25
CVEList | CVE-2024-37086: VMware ESXi contains an out-of-bounds read vulnerability | 2024-06-25