3. VMware Workstation, Fusion and ESXi updates address a heap-overflow vulnerability (CVE-2021-22045)
The CD-ROM device emulation in VMware Workstation, Fusion and ESXi has a heap-overflow vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.7.
customerconnect.vmware.com/downloads/details?downloadGroup=FUS-1220&productId=1040&rPId=75335
customerconnect.vmware.com/downloads/details?downloadGroup=WKST-PLAYER-1620&productId=1039&rPId=77292
customerconnect.vmware.com/en/downloads/details?downloadGroup=ESXI70U3C&productId=974&rPId=83414
customerconnect.vmware.com/en/downloads/details?downloadGroup=WKST-1620-WIN&productId=1038&rPId=75715
customerconnect.vmware.com/patch/
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22045
docs.vmware.com/en/VMware-Cloud-Foundation/3.11/rn/VMware-Cloud-Foundation-311-Release-Notes.html
docs.vmware.com/en/VMware-Cloud-Foundation/4.4/rn/VMware-Cloud-Foundation-44-Release-Notes.html
docs.vmware.com/en/VMware-Fusion/12.2.0/rn/VMware-Fusion-1220-Release-Notes.html
docs.vmware.com/en/VMware-vSphere/6.5/rn/esxi650-202110001.html
docs.vmware.com/en/VMware-vSphere/6.7/rn/esxi670-202111001.html#esxi670-202111101-sg-resolved
docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u3c-release-notes.html
docs.vmware.com/en/VMware-Workstation-Player/16.2.0/rn/VMware-Workstation-1620-Player-Release-Notes.html
docs.vmware.com/en/VMware-Workstation-Pro/16.2.0/rn/VMware-Workstation-1620-Pro-Release-Notes.html
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H