CVE-2020-3999

6.5
6.5 / 10
MEDIUM

VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition.

Weakness: NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Published: 2020-12-21

Researcher Credit

Community Advisory

This section is open source, for any additional information that enhances or clarifies the official advisory above.

Improve Advisory

CVE-2020-3999 Exploits

Exploits for CVE-2020-3999 are not publicly available.

Access our inventory of exclusive N-Day CVE Exploits, provided for legal security research and testing purposes. Inquire about our offerings by email: [email protected] (PGP key).

Official CVE References

View references (1)