Main Vulnerability Database Vulnerabilities #VU26148

#VU26148 Heap overflow in VMware Workstation and VMware Horizon Client - CVE-2020-3951

Published: March 17, 2020

Vulnerability identifier: #VU26148

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-3951

CWE-ID: CWE-122

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
VMware Workstation
VMware Horizon Client

Software vendor:
VMware, Inc

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within Cortado Thinprint. A local user can trigger heap overflow and crash the Thinprint service running on the system where Workstation or Horizon Client is installed.

Remediation

Install updates from vendor's website.

External links

https://www.vmware.com/security/advisories/VMSA-2020-0005.html