Main Vulnerability Database Vulnerabilities #VU19921

#VU19921 Out-of-bounds write in VMware, Inc products - CVE-2019-5684

Published: August 2, 2019

Vulnerability identifier: #VU19921

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-5684

CWE-ID: CWE-125

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
VMware Fusion
VMware Workstation
VMware ESXi

Software vendor:
VMware, Inc

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote unprivileged user with access to a guest operating system can trigger out-of-bounds write and execute arbitrary code on the target system.

Note, the vulnerability can be exploited only if the host has an affected NVIDIA graphics driver.

Remediation

Install updates from vendor's website.

External links

http://www.vmware.com/security/advisories/VMSA-2019-0012.html