CVE-2020-3992 - Use After Free

Severity

98%

Complexity

39%

Confidentiality

98%

OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.

CVSS 3.1 Base Score 9.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 9.9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Demo Examples

Use After Free

CWE-416

The following example demonstrates the weakness.


               
}
free(buf3R2);

Use After Free

CWE-416

The following code illustrates a use after free error:


               
}
free(ptr);
logError("operation aborted before commit", ptr);

When an error occurs, the pointer is immediately freed. However, this pointer is later incorrectly used in the logError function.

Overview

First reported 4 years ago

2020-10-20 17:15:00

Last updated 4 years ago

2020-11-26 00:15:00

Affected Software

VMware Cloud Foundation

VMware Esxi 6.5

6.5

Vmware ESXi 6.5 2

6.5

VMware ESXi 6.5 650-201701001

6.5

VMware ESXi 6.5 650-201703001

6.5

VMware ESXi 6.5 650-201703002

6.5

VMware ESXi 6.5 650-201704001

6.5

VMware ESXi 6.5 650-201707101

6.5

VMware ESXi 6.5 650-201707102

6.5

VMware ESXi 6.5 650-201707103

6.5

VMware ESXi 6.5 650-201707201

6.5

VMware ESXi 6.5 650-201707202

6.5

VMware ESXi 6.5 650-201707203

6.5

VMware ESXi 6.5 650-201707204

6.5

VMware ESXi 6.5 650-201707205

6.5

VMware ESXi 6.5 650-201707206

6.5

VMware ESXi 6.5 650-201707207

6.5

VMware ESXi 6.5 650-201707208

6.5

VMware ESXi 6.5 650-201707209

6.5

VMware ESXi 6.5 650-201707210

6.5

VMware ESXi 6.5 650-201707211

6.5

VMware ESXi 6.5 650-201707212

6.5

VMware ESXi 6.5 650-201707213

6.5

VMware ESXi 6.5 650-201707214

6.5

VMware ESXi 6.5 650-201707215

6.5

VMware ESXi 6.5 650-201707216

6.5

VMware ESXi 6.5 650-201707217

6.5

VMware ESXi 6.5 650-201707218

6.5

VMware ESXi 6.5 650-201707219

6.5

VMware ESXi 6.5 650-201707220

6.5

VMware ESXi 6.5 650-201707221

6.5

VMware ESXi 6.5 650-201710001

6.5

VMware ESXi 6.5 650-201712001

6.5

VMware ESXi 6.5 650-201803001

6.5

VMware ESXi 6.5 650-201806001

6.5

VMware ESXi 6.5 650-201808001

6.5

VMware ESXi 6.5 650-201810001

6.5

VMware ESXi 6.5 650-201810002

6.5

VMware ESXi 6.5 650-201811001

6.5

VMware ESXi 6.5 650-201811002

6.5

VMware ESXi 6.5 650-201811301

6.5

VMware ESXi 6.5 650-201901001

6.5

VMware ESXi 6.5 650-201903001

6.5

VMware ESXi 6.5 650-201905001

6.5

VMware Esxi 6.5 650-201908001

6.5

VMware Esxi 6.5 650-201910001

6.5

VMware Esxi 6.5 650-20191004001

6.5

VMware ESXi 6.5 650-201911001

6.5

VMware ESXi 6.5 650-201911401

6.5

VMware ESXi 6.5 650-201911402

6.5

VMware ESXi 6.5 650-201912001

6.5

VMware ESXi 6.5 650-201912002

6.5

VMware ESXi 6.5 650-201912101

6.5

VMware ESXi 6.5 650-201912102

6.5

VMware ESXi 6.5 650-201912103

6.5

VMware ESXi 6.5 650-201912104

6.5

VMware ESXi 6.5 650-201912301

6.5

VMware ESXi 6.5 650-201912401

6.5

VMware ESXi 6.5 650-201912402

6.5

VMware ESXi 6.5 650-201912403

6.5

VMware ESXi 6.5 650-201912404

6.5

VMware ESXi 6.5 650-202005001

6.5

VMware Esxi 6.7

6.7

VMware ESXi 6.7 670-201806001

6.7

VMware ESXi 6.7 670-201807001

6.7

VMware ESXi 6.7 670-201808001

6.7

VMware ESXi 6.7 670-201810001

6.7

VMware ESXi 6.7 670-201810101

6.7

VMware ESXi 6.7 670-201810102

6.7

VMware ESXi 6.7 670-201810103

6.7

VMware ESXi 6.7 670-201810201

6.7

VMware ESXi 6.7 670-201810202

6.7

VMware ESXi 6.7 670-201810203

6.7

VMware ESXi 6.7 670-201810204

6.7

VMware ESXi 6.7 670-201810205

6.7

VMware ESXi 6.7 670-201810206

6.7

VMware ESXi 6.7 670-201810207

6.7

VMware ESXi 6.7 670-201810208

6.7

VMware ESXi 6.7 670-201810209

6.7

VMware ESXi 6.7 670-201810210

6.7

VMware ESXi 6.7 670-201810211

6.7

VMware ESXi 6.7 670-201810212

6.7

VMware ESXi 6.7 670-201810213

6.7

VMware ESXi 6.7 670-201810214

6.7

VMware ESXi 6.7 670-201810215

6.7

VMware ESXi 6.7 670-201810216

6.7

VMware ESXi 6.7 670-201810217

6.7

VMware ESXi 6.7 670-201810218

6.7

VMware ESXi 6.7 670-201810219

6.7

VMware ESXi 6.7 670-201810220

6.7

VMware ESXi 6.7 670-201810221

6.7

VMware ESXi 6.7 670-201810222

6.7

VMware ESXi 6.7 670-201810223

6.7

VMware ESXi 6.7 670-201810224

6.7

VMware ESXi 6.7 670-201810225

6.7

VMware ESXi 6.7 670-201810226

6.7

VMware ESXi 6.7 670-201810227

6.7

VMware ESXi 6.7 670-201810228

6.7

VMware ESXi 6.7 670-201810229

6.7

VMware ESXi 6.7 670-201810230

6.7

VMware ESXi 6.7 670-201810231

6.7

VMware ESXi 6.7 670-201810232

6.7

VMware ESXi 6.7 670-201810233

6.7

VMware ESXi 6.7 670-201810234

6.7

VMware ESXi 6.7 670-201811001

6.7

VMware ESXi 6.7 670-201901001

6.7

VMware ESXi 6.7 670-201901401

6.7

VMware ESXi 6.7 670-201901402

6.7

VMware ESXi 6.7 670-201901403

6.7

VMware Esxi 6.7 670-201903001

6.7

VMware Esxi 6.7 670-201904001

6.7

VMware ESXi 6.7 670-201904201

6.7

VMware ESXi 6.7 670-201904201-UG

6.7

VMware ESXi 6.7 670-201904202

6.7

VMware ESXi 6.7 670-201904202-UG

6.7

VMware ESXi 6.7 670-201904203

6.7

VMware ESXi 6.7 670-201904203-UG

6.7

VMware ESXi 6.7 670-201904204

6.7

VMware ESXi 6.7 670-201904204-UG

6.7

VMware ESXi 6.7 670-201904205

6.7

VMware ESXi 6.7 670-201904205-UG

6.7

VMware ESXi 6.7 670-201904206

6.7

VMware ESXi 6.7 670-201904206-UG

6.7

VMware ESXi 6.7 670-201904207

6.7

VMware ESXi 6.7 670-201904207-UG

6.7

VMware ESXi 6.7 670-201904208

6.7

VMware ESXi 6.7 670-201904208-UG

6.7

VMware ESXi 6.7 670-201904209

6.7

VMware ESXi 6.7 670-201904209-UG

6.7

VMware ESXi 6.7 670-201904210

6.7

VMware ESXi 6.7 670-201904210-UG

6.7

VMware ESXi 6.7 670-201904211

6.7

VMware ESXi 6.7 670-201904211-UG

6.7

VMware ESXi 6.7 670-201904212

6.7

VMware ESXi 6.7 670-201904212-UG

6.7

VMware ESXi 6.7 670-201904213

6.7

VMware ESXi 6.7 670-201904213-UG

6.7

VMware ESXi 6.7 670-201904214

6.7

VMware ESXi 6.7 670-201904214-UG

6.7

VMware ESXi 6.7 670-201904215

6.7

VMware ESXi 6.7 670-201904215-UG

6.7

VMware ESXi 6.7 670-201904216

6.7

VMware ESXi 6.7 670-201904216-UG

6.7

VMware ESXi 6.7 670-201904217

6.7

VMware ESXi 6.7 670-201904217-UG

6.7

VMware ESXi 6.7 670-201904218

6.7

VMware ESXi 6.7 670-201904218-UG

6.7

VMware ESXi 6.7 670-201904219

6.7

VMware ESXi 6.7 670-201904219-UG

6.7

VMware ESXi 6.7 670-201904220

6.7

VMware ESXi 6.7 670-201904220-UG

6.7

VMware ESXi 6.7 670-201904221

6.7

VMware ESXi 6.7 670-201904221-UG

6.7

VMware ESXi 6.7 670-201904222

6.7

VMware ESXi 6.7 670-201904222-UG

6.7

VMware ESXi 6.7 670-201904223

6.7

VMware ESXi 6.7 670-201904223-UG

6.7

VMware ESXi 6.7 670-201904224

6.7

VMware ESXi 6.7 670-201904224-UG

6.7

VMware ESXi 6.7 670-201904225

6.7

VMware ESXi 6.7 670-201904225-UG

6.7

VMware ESXi 6.7 670-201904226

6.7

VMware ESXi 6.7 670-201904226-UG

6.7

VMware ESXi 6.7 670-201904227

6.7

VMware ESXi 6.7 670-201904227-UG

6.7

VMware ESXi 6.7 670-201904228

6.7

VMware ESXi 6.7 670-201904228-UG

6.7

VMware ESXi 6.7 670-201904229

6.7

VMware ESXi 6.7 670-201904229-UG

6.7

VMware Esxi 6.7 670-201905001

6.7

VMware Esxi 6.7 670-201906002

6.7

VMware Esxi 6.7 670-201908101

6.7

VMware Esxi 6.7 670-201908102

6.7

VMware Esxi 6.7 670-201908103

6.7

VMware Esxi 6.7 670-201908104

6.7

VMware Esxi 6.7 670-201908201

6.7

VMware Esxi 6.7 670-201908202

6.7

VMware Esxi 6.7 670-201908203

6.7

VMware Esxi 6.7 670-201908204

6.7

VMware Esxi 6.7 670-201908205

6.7

VMware Esxi 6.7 670-201908206

6.7

VMware Esxi 6.7 670-201908207

6.7

VMware Esxi 6.7 670-201908208

6.7

VMware Esxi 6.7 670-201908209

6.7

VMware Esxi 6.7 670-201908210

6.7

VMware Esxi 6.7 670-201908211

6.7

VMware Esxi 6.7 670-201908212

6.7

VMware Esxi 6.7 670-201908213

6.7

VMware Esxi 6.7 670-201908214

6.7

VMware Esxi 6.7 670-201908215

6.7

VMware Esxi 6.7 670-201908216

6.7

VMware Esxi 6.7 670-201908217

6.7

VMware Esxi 6.7 670-201908218

6.7

VMware Esxi 6.7 670-201908219

6.7

VMware Esxi 6.7 670-201908220

6.7

VMware Esxi 6.7 670-201908221

6.7

VMware ESXi 6.7 670-201912001

6.7

VMware ESXi 6.7 670-201912101

6.7

VMware ESXi 6.7 670-201912102

6.7

VMware ESXi 6.7 670-201912401

6.7

VMware ESXi 6.7 670-201912402

6.7

VMware ESXi 6.7 670-201912403

6.7

VMware ESXi 6.7 670-201912404

6.7

VMware ESXi 6.7 670-201912405

6.7

VMware ESXi 6.7 670-202004001

6.7

VMware ESXi 6.7 670-202004002

6.7

VMware ESXi 6.7 670-202004301

6.7

VMware ESXi 6.7 670-202004401

6.7

VMware ESXi 6.7 670-202004402

6.7

VMware ESXi 6.7 670-202004403

6.7

VMware ESXi 6.7 670-202004404

6.7

VMware ESXi 6.7 670-202004405

6.7

VMware ESXi 6.7 670-202004406

6.7

VMware ESXi 6.7 670-202004407

6.7

VMware ESXi 6.7 670-202004408

6.7

References

https://www.vmware.com/security/advisories/VMSA-2020-0023.html

https://www.vmware.com/security/advisories/VMSA-2020-0023.html

Patch, Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-20-1377/

https://www.zerodayinitiative.com/advisories/ZDI-20-1385/

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.