Null pointer dereference in VMware, Inc products - CVE-2017-4925
Published: September 15, 2017
Vulnerability identifier: #VU8444
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-4925
CWE-ID: CWE-476
Exploitation vector: Adjacent network
Exploit availability:
No public exploit available
Vendor: VMware, Inc
Affected software:
VMware ESXi
VMware Workstation
VMware Fusion
Detailed vulnerability description
The vulnerability allows an adjacent attacker to cause a denial of service (DoS) condition on the host system.
The weakness exists due to a NULL pointer dereference when handling malicious content. An adjacent attacker can send specially crafted RPC requests and cause the applications to crash.
Successful exploitation of the vulnerability results in denial of service.
How to mitigate CVE-2017-4925
Install the update from the vendor's website.