VMwareVMSA-2019-0014.1VMware ESXi, Workstation, Fusion, VMRC and Horizon Client updates address use-after-free and denial of service vulnerabilities. (CVE-2019-5527, CVE-2019-5535)
EPSS
Percentile
25.0%
3a. ESXi, Workstation, Fusion, VMRC and Horizon Client use-after-free vulnerability - CVE-2019-5527
ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5.
3b. VMware Workstation and Fusion network denial-of-service vulnerability - CVE-2019-5535
VMware Workstation and Fusion contain a network denial-of-service vulnerability due to improper handling of certain IPv6 packets. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.7.
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5527
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5535
docs.vmware.com/en/VMware-Fusion/index.html
docs.vmware.com/en/VMware-Horizon-Client/index.html
docs.vmware.com/en/VMware-Remote-Console/10.0/rn/VMware-Remote-Console-1006-Release-Notes.html
docs.vmware.com/en/VMware-vSphere/6.0/rn/esxi600-201909001.html
docs.vmware.com/en/VMware-vSphere/6.5/rn/esxi650-201903001.html
docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-esxi-67u2-release-notes.html
docs.vmware.com/en/VMware-Workstation-Pro/index.html
my.vmware.com/group/vmware/patch
my.vmware.com/web/vmware/details?downloadGroup=VMRC1006&productId=742
my.vmware.com/web/vmware/details?productId=742&downloadGroup=ESXI67U2
my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_horizon_clients/5_0
www.vmware.com/go/downloadfusion
www.vmware.com/go/downloadworkstation
Related
