8.8

CVE-2017-4902

VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host.

Data is provided by the National Vulnerability Database (NVD)
VMwareWorkstation Player Version >= 12.0.0 < 12.5.5
VMwareWorkstation Pro Version >= 12.0.0 < 12.5.5
VMwareESXi Version5.5 Update-
VMwareESXi Version5.5 Update1
VMwareESXi Version5.5 Update2
VMwareESXi Version5.5 Update3a
VMwareESXi Version5.5 Update3b
VMwareESXi Version6.5 Update-
VMwareESXi Version6.5 Update650-201701001
VMwareESXi Version6.5 Update650-201703001
VMwareESXi Version6.5 Update650-201703002
VMwareFusion Version >= 8.0.0 < 8.5.6
   ApplemacOS X Version-
VMwareFusion Pro Version >= 8.0.0 < 8.5.6
   ApplemacOS X Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.06% 0.195
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2 6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securityfocus.com/bid/97163
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038148
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038149
Third Party Advisory
VDB Entry