CVE-2018-6982

MEDIUM

VMware ESXi - Information Disclosure via vmxnet3 Uninitialized Stack Memory

Title source: llm

Description

VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may lead to an information leak from host to guest.

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1042055

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/105882

Vendor Advisory x_refsource_confirm

https://www.vmware.com/security/advisories/VMSA-2018-0027.html

Scores

CVSS v3 6.5

EPSS 0.0034

EPSS Percentile 56.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Details

CWE

CWE-908

Status published

Products (1)

vmware/esxi 6.0 (50 CPE variants)

Published Dec 04, 2018

Tracked Since Feb 18, 2026