CVE-2024-38812
Heap-overflow vulnerability
In short
vCenter Server has a memory overflow flaw in how it handles network communications that allows attackers to crash the system or run malicious code by sending specially crafted packets over the network.
Technical detail
A heap buffer overflow exists in the DCERPC protocol handler of vCenter Server; remote unauthenticated attackers can exploit this via crafted network packets to achieve arbitrary code execution with the privileges of the vCenter process.
Summary generated and translated by AI from the official description.
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet, potentially leading to remote code execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H