cnvd - cnvd-2018-10313

cnvd-2018-10313

Vulnerability from cnvd

Title: VMware Workstation和Fusion拒绝服务漏洞（CNVD-2018-10313）

Description:

VMWare Workstation和Fusion都是美国威睿（VMware）公司的桌面虚拟计算机软件，前者提供可以同时运行多个不同的操作系统的虚拟机功能，后者是用于在苹果机（Mac）上运行Windows应用程序的虚拟机软件。

VMware Workstation 14.1.2之前的14.x版本和Fusion 10.1.2之前的10.x版本中存在拒绝服务漏洞。攻击者可利用该漏洞造成gust设备停止服务（空指针逆向引用）。

Severity: 中

Patch Name: VMware Workstation和Fusion拒绝服务漏洞（CNVD-2018-10313）的补丁

Patch Description:

VMware Workstation 14.1.2之前的14.x版本和Fusion 10.1.2之前的10.x版本中存在拒绝服务漏洞。攻击者可利用该漏洞造成gust设备停止服务（空指针逆向引用）。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://www.vmware.com/security/advisories/VMSA-2018-0013.html

Reference: https://securitytracker.com/id/1040957

Impacted products

Name
['VMware Workstation 14.，<14.1.2', 'VMware Fusion 10.，<10.1.2']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "104237"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-6963"
    }
  },
  "description": "VMWare Workstation\u548cFusion\u90fd\u662f\u7f8e\u56fd\u5a01\u777f\uff08VMware\uff09\u516c\u53f8\u7684\u684c\u9762\u865a\u62df\u8ba1\u7b97\u673a\u8f6f\u4ef6\uff0c\u524d\u8005\u63d0\u4f9b\u53ef\u4ee5\u540c\u65f6\u8fd0\u884c\u591a\u4e2a\u4e0d\u540c\u7684\u64cd\u4f5c\u7cfb\u7edf\u7684\u865a\u62df\u673a\u529f\u80fd\uff0c\u540e\u8005\u662f\u7528\u4e8e\u5728\u82f9\u679c\u673a\uff08Mac\uff09\u4e0a\u8fd0\u884cWindows\u5e94\u7528\u7a0b\u5e8f\u7684\u865a\u62df\u673a\u8f6f\u4ef6\u3002\r\n\r\nVMware Workstation 14.1.2\u4e4b\u524d\u768414.x\u7248\u672c\u548cFusion 10.1.2\u4e4b\u524d\u768410.x\u7248\u672c\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210gust\u8bbe\u5907\u505c\u6b62\u670d\u52a1\uff08\u7a7a\u6307\u9488\u9006\u5411\u5f15\u7528\uff09\u3002",
  "discovererName": "Hahna Latonick and Kevin Fujimoto working with Trend Micro\u0027s Zero Day Initiative, and Bruno Botelho (@utxsec).",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.vmware.com/security/advisories/VMSA-2018-0013.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-10313",
  "openTime": "2018-05-25",
  "patchDescription": "VMWare Workstation\u548cFusion\u90fd\u662f\u7f8e\u56fd\u5a01\u777f\uff08VMware\uff09\u516c\u53f8\u7684\u684c\u9762\u865a\u62df\u8ba1\u7b97\u673a\u8f6f\u4ef6\uff0c\u524d\u8005\u63d0\u4f9b\u53ef\u4ee5\u540c\u65f6\u8fd0\u884c\u591a\u4e2a\u4e0d\u540c\u7684\u64cd\u4f5c\u7cfb\u7edf\u7684\u865a\u62df\u673a\u529f\u80fd\uff0c\u540e\u8005\u662f\u7528\u4e8e\u5728\u82f9\u679c\u673a\uff08Mac\uff09\u4e0a\u8fd0\u884cWindows\u5e94\u7528\u7a0b\u5e8f\u7684\u865a\u62df\u673a\u8f6f\u4ef6\u3002\r\n\r\nVMware Workstation 14.1.2\u4e4b\u524d\u768414.x\u7248\u672c\u548cFusion 10.1.2\u4e4b\u524d\u768410.x\u7248\u672c\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210gust\u8bbe\u5907\u505c\u6b62\u670d\u52a1\uff08\u7a7a\u6307\u9488\u9006\u5411\u5f15\u7528\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "VMware Workstation\u548cFusion\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2018-10313\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "VMware Workstation 14.*\uff0c\u003c14.1.2",
      "VMware Fusion 10.*\uff0c\u003c10.1.2"
    ]
  },
  "referenceLink": "https://securitytracker.com/id/1040957",
  "serverity": "\u4e2d",
  "submitTime": "2018-05-23",
  "title": "VMware Workstation\u548cFusion\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2018-10313\uff09"
}

CVE-2018-6963 (GCVE-0-2018-6963)

Vulnerability from cvelistv5

Published

2018-05-22 13:00

Modified

2024-09-16 16:53

Severity ?

CWE

Multiple Denial-of-service vulnerabilities

Summary

VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine trigger a denial-of-Service of their guest machine.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/104237	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1040957	vdb-entry, x_refsource_SECTRACK
	https://www.vmware.com/security/advisories/VMSA-2018-0013.html	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

VMware

Workstation

Version: 14.x before 14.1.2

VMware

Fusion

Version: 10.x before 10.1.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:17:17.308Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "104237",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104237"
          },
          {
            "name": "1040957",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040957"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2018-0013.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Workstation",
          "vendor": "VMware",
          "versions": [
            {
              "status": "affected",
              "version": "14.x before 14.1.2"
            }
          ]
        },
        {
          "product": "Fusion",
          "vendor": "VMware",
          "versions": [
            {
              "status": "affected",
              "version": "10.x before 10.1.2"
            }
          ]
        }
      ],
      "datePublic": "2018-05-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine trigger a denial-of-Service of their guest machine."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Multiple Denial-of-service vulnerabilities",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-23T09:57:01",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "name": "104237",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104237"
        },
        {
          "name": "1040957",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040957"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.vmware.com/security/advisories/VMSA-2018-0013.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "DATE_PUBLIC": "2018-05-21T00:00:00",
          "ID": "CVE-2018-6963",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Workstation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "14.x before 14.1.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Fusion",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.x before 10.1.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "VMware"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine trigger a denial-of-Service of their guest machine."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Multiple Denial-of-service vulnerabilities"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "104237",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104237"
            },
            {
              "name": "1040957",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040957"
            },
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2018-0013.html",
              "refsource": "CONFIRM",
              "url": "https://www.vmware.com/security/advisories/VMSA-2018-0013.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2018-6963",
    "datePublished": "2018-05-22T13:00:00Z",
    "dateReserved": "2018-02-14T00:00:00",
    "dateUpdated": "2024-09-16T16:53:07.561Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted