Main Vulnerability Database Vulnerabilities #VU15787

Stack-based buffer overflow in VMware ESXi - CVE-2018-6982

Published: November 9, 2018

Vulnerability identifier: #VU15787

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-6982

CWE-ID: CWE-121

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: VMware, Inc

Affected software:
VMware ESXi

Detailed vulnerability description

The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.

The weakness exists due to uninitialized stack memory usage in the vmxnet3 virtual network adapter. A remote attacker can trigger memory corruption if vmxnet3 is enabled and access arbitrary data.

How to mitigate CVE-2018-6982

Install update from vendor's website.

Sources

https://www.vmware.com/security/advisories/VMSA-2018-0027.html

Stack-based buffer overflow in VMware ESXi - CVE-2018-6982

Detailed vulnerability description

How to mitigate CVE-2018-6982

Sources

Please verify you're human