Current Description
VMware ESXi 6.5 without patch ESXi610-SG and 5.5 without patch ESXi501-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. Based on this thread, this is clearly an issue that has been going on since at least 8.5.1. VMware needs to actively investigate this problem and patch Fusion. Using the VMs on a Mac from the native console screen is an utter disaster that ends in nothing but frustration (and a cramped forearm).
VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled.
Severity
CVSS 3.x Severity and Metrics:
Weakness Enumeration
CWE-ID | CWE Name | Source |
---|---|---|
CWE-772 | Missing Release of Resource after Effective Lifetime | NIST |
NVD-CWE-noinfo | Insufficient Information | NIST |
Known Affected Software Configurations