CVSS Base Score: 8.8

CVE-2017-4903

VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host.

Data is provided by the National Vulnerability Database (NVD)
VMware Workstation Player Version >= 12.0.0 < 12.5.5
VMware Workstation Pro Version >= 12.0.0 < 12.5.5
VMware ESXi Version 5.5 Update -
VMware ESXi Version 5.5 Update 1
VMware ESXi Version 5.5 Update 2
VMware ESXi Version 5.5 Update 3a
VMware ESXi Version 5.5 Update 3b
VMware ESXi Version 6.0 Update -
VMware ESXi Version 6.0 Update 1
VMware ESXi Version 6.0 Update 1a
VMware ESXi Version 6.0 Update 1b
VMware ESXi Version 6.0 Update 2
VMware ESXi Version 6.0 Update 3
VMware ESXi Version 6.0 Update 3a
VMware ESXi Version 6.0 Update 600-201504401
VMware ESXi Version 6.0 Update 600-201505401
VMware ESXi Version 6.0 Update 600-201507101
VMware ESXi Version 6.0 Update 600-201507102
VMware ESXi Version 6.0 Update 600-201507401
VMware ESXi Version 6.0 Update 600-201507402
VMware ESXi Version 6.0 Update 600-201507403
VMware ESXi Version 6.0 Update 600-201507404
VMware ESXi Version 6.0 Update 600-201507405
VMware ESXi Version 6.0 Update 600-201507406
VMware ESXi Version 6.0 Update 600-201507407
VMware ESXi Version 6.0 Update 600-201509101
VMware ESXi Version 6.0 Update 600-201509102
VMware ESXi Version 6.0 Update 600-201509201
VMware ESXi Version 6.0 Update 600-201509202
VMware ESXi Version 6.0 Update 600-201509203
VMware ESXi Version 6.0 Update 600-201509204
VMware ESXi Version 6.0 Update 600-201509205
VMware ESXi Version 6.0 Update 600-201509206
VMware ESXi Version 6.0 Update 600-201509207
VMware ESXi Version 6.0 Update 600-201509208
VMware ESXi Version 6.0 Update 600-201509209
VMware ESXi Version 6.0 Update 600-201509210
VMware ESXi Version 6.0 Update 600-201510401
VMware ESXi Version 6.0 Update 600-201511401
VMware ESXi Version 6.0 Update 600-201601101
VMware ESXi Version 6.0 Update 600-201601102
VMware ESXi Version 6.0 Update 600-201601401
VMware ESXi Version 6.0 Update 600-201601402
VMware ESXi Version 6.0 Update 600-201601403
VMware ESXi Version 6.0 Update 600-201601404
VMware ESXi Version 6.0 Update 600-201601405
VMware ESXi Version 6.0 Update 600-201602401
VMware ESXi Version 6.0 Update 600-201603101
VMware ESXi Version 6.0 Update 600-201603102
VMware ESXi Version 6.0 Update 600-201603201
VMware ESXi Version 6.0 Update 600-201603202
VMware ESXi Version 6.0 Update 600-201603203
VMware ESXi Version 6.0 Update 600-201603204
VMware ESXi Version 6.0 Update 600-201603205
VMware ESXi Version 6.0 Update 600-201603206
VMware ESXi Version 6.0 Update 600-201603207
VMware ESXi Version 6.0 Update 600-201603208
VMware ESXi Version 6.0 Update 600-201605401
VMware ESXi Version 6.0 Update 600-201608101
VMware ESXi Version 6.0 Update 600-201608401
VMware ESXi Version 6.0 Update 600-201608402
VMware ESXi Version 6.0 Update 600-201608403
VMware ESXi Version 6.0 Update 600-201608404
VMware ESXi Version 6.0 Update 600-201608405
VMware ESXi Version 6.0 Update 600-201610410
VMware ESXi Version 6.0 Update 600-201611401
VMware ESXi Version 6.0 Update 600-201611402
VMware ESXi Version 6.0 Update 600-201611403
VMware ESXi Version 6.0 Update 600-201702101
VMware ESXi Version 6.0 Update 600-201702102
VMware ESXi Version 6.0 Update 600-201702201
VMware ESXi Version 6.0 Update 600-201702202
VMware ESXi Version 6.0 Update 600-201702203
VMware ESXi Version 6.0 Update 600-201702204
VMware ESXi Version 6.0 Update 600-201702205
VMware ESXi Version 6.0 Update 600-201702206
VMware ESXi Version 6.0 Update 600-201702207
VMware ESXi Version 6.0 Update 600-201702208
VMware ESXi Version 6.0 Update 600-201702209
VMware ESXi Version 6.0 Update 600-201702210
VMware ESXi Version 6.0 Update 600-201702211
VMware ESXi Version 6.0 Update 600-201702212
VMware ESXi Version 6.5 Update -
VMware ESXi Version 6.5 Update 650-201701001
VMware ESXi Version 6.5 Update 650-201703001
VMware ESXi Version 6.5 Update 650-201703002
VMware Fusion Version >= 8.0.0 < 8.5.6
   Apple macOS X Version -
VMware Fusion Pro Version >= 8.0.0 < 8.5.6
   Apple macOS X Version -
No CISA KEV entry or CERT.AT warning was found for this CVE.

EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.07% | 0.176

CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector string
nvd@nist.gov | 8.8 | 2 | 6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov | 7.2 | 3.9 | 10 | AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.