Description

ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5.

Related CPE's

a

vmware

horizon

3

a

vmware

remote_console

2

a

vmware

workstation

Vulnerable

a

vmware

fusion

Vulnerable

o

apple

mac_os_x

-

o

vmware

esxi

179

References

https://www.vmware.com/security/advisories/VMSA-2019-0014.html

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-416

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2019-10-10T17:15:18.467

5 years ago

Last modified

2022-06-02T19:19:10.833

3 years ago