VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC requests. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.
[
{
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "6.5 without patch ESXi650-201707101-SG"
},
{
"status": "affected",
"version": "6.0 without patch ESXi600-201706101-SG"
},
{
"status": "affected",
"version": "5.5 without patch ESXi550-201709101-SG"
}
]
},
{
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "12.x before 12.5.3"
}
]
},
{
"product": "Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "8.x before 8.5.4"
}
]
}
]