1. Home
  2. CVE Database
  3. CVE-2020-3951
LOW · 3.8

CVE-2020-3951

VMware Workstation (15.x before 15.5.2) and Horizon Client for Windows (5.x and prior before 5.4.0) contain a denial-of-service vulnerability due to a heap-overflow issue in Cortado Thinprint. Attacke...

Vulnerability Description

VMware Workstation (15.x before 15.5.2) and Horizon Client for Windows (5.x and prior before 5.4.0) contain a denial-of-service vulnerability due to a heap-overflow issue in Cortado Thinprint. Attackers with non-administrative access to a guest VM with virtual printing enabled may exploit this issue to create a denial-of-service condition of the Thinprint service running on the system where Workstation or Horizon Client is installed.

CVSS Score

3.8

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality
NONE
Integrity
NONE
Availability
LOW

Affected Products

VendorProductVersions
VmwareHorizon Client>= 5.0.0, < 5.4.0
VmwareWorkstation>= 15.0.0, < 15.5.2
MicrosoftWindows-

Related Weaknesses (CWE)

CWE-787

References

FAQ

What is CVE-2020-3951?

CVE-2020-3951 is a vulnerability with a CVSS score of 3.8 (LOW). VMware Workstation (15.x before 15.5.2) and Horizon Client for Windows (5.x and prior before 5.4.0) contain a denial-of-service vulnerability due to a heap-overflow issue in Cortado Thinprint. Attacke...

How severe is CVE-2020-3951?

CVE-2020-3951 has been rated LOW with a CVSS base score of 3.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-3951?

Check the references section above for vendor advisories and patch information. Affected products include: Vmware Horizon Client, Vmware Workstation, Microsoft Windows.