Lucene search
VmwareCVELIST:CVE-2020-3969HistoryJun 24, 2020 - 4:00 p.m.
CVE-2020-3969
2020-06-2416:00:46
vmware
www.cve.org
8
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an off-by-one heap-overflow vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker’s control must be present for exploitation to be possible.
CNA Affected
[
{
"product": "VMware ESXi",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "7.0 before ESXi_7.0.0-1.20.16321839"
},
{
"status": "affected",
"version": "6.7 before ESXi670-202004101-SG"
},
{
"status": "affected",
"version": "6.5 before ESXi650-202005401-SG"
}
]
},
{
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "15.x before 15.5.5"
}
]
},
{
"product": "Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "11.x before 11.5.5"
}
]
}
]Related
cve
cve
CVE-2020-3969
2020-06-24 16:15:10
zdi
zdi
prion
prion
Heap overflow
2020-06-24 16:15:00
nvd
nvd
CVE-2020-3969
2020-06-24 16:15:10
kaspersky
kaspersky
KLA12098 Multiple vulnerabilities in VMware Workstation and Player
2020-06-23 00:00:00
nessus
nessus
