VMware vCenter Server updates address out-of-bounds write and information disclosure vulnerabilities (CVE-2023-34048, CVE-2023-34056)

An out-of-bounds write (CVE-2023-34048) and a partial information disclosure (CVE-2023-34056) in vCenter Server were responsibly reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.

10/26/2023

Advisory ID: VMSA-2023-0023

CVSSv3 Range: 4.3-9.8

Issue Date: 2023-10-25

Updated On: 2023-10-25 (Initial Advisory)

CVE(s): CVE-2023-34048, CVE-2023-34056

Synopsis: VMware vCenter Server updates address out-of-bounds write and information disclosure vulnerabilities (CVE-2023-34048, CVE-2023-34056)

vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

For more information: https://www.vmware.com/security/advisories/VMSA-2023-0023.html