6.5
CVE-2017-4938
- EPSS 0.05%
- Published 17.11.2017 14:29:00
- Last modified 20.04.2025 01:37:25
- Source security@vmware.com
- Teams watchlist Login
- Open Login
VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.
Data is provided by the National Vulnerability Database (NVD)
VMware ≫ Workstation Version12.0.0
VMware ≫ Workstation Version12.0.1
VMware ≫ Workstation Version12.1
VMware ≫ Workstation Version12.1.1
VMware ≫ Workstation Version12.5
VMware ≫ Workstation Version12.5.1
VMware ≫ Workstation Version12.5.2
VMware ≫ Workstation Version12.5.3
VMware ≫ Workstation Version12.5.4
VMware ≫ Workstation Version12.5.5
VMware ≫ Workstation Version12.5.6
VMware ≫ Workstation Version12.5.7
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.108 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2 | 4 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:N/I:N/A:P
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.