How severe is CVE-2020-3958?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2020-3958?

This is classified as CWE-617, which is a common weakness in software security.

CVE-2020-3958 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.5.2) and VMware Fusion (11.x before 11.5.2) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with non-administrative access to a virtual machine to crash the virtual machine's vmx process leading to a denial of service condition.

Related Vulnerabilities

CVE-2015-8745

MEDIUM

CVSS:5.5(Medium)

QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS_...

CWE-6172015

CVE-2016-9388

MEDIUM

CVSS:5.5(Medium)

The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.

CWE-6172016

CVE-2017-14649

MEDIUM

CVSS:5.5(Medium)

ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash).

CWE-6172017

CVE-2017-15371

MEDIUM

CVSS:5.5(Medium)

There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an a...

CWE-6172017

CVE-2017-18169

MEDIUM

CVSS:5.5(Medium)

User process can perform the kernel DOS in ashmem when doing cache maintenance operation in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.

CWE-6172017

CVE-2017-5981

MEDIUM

CVSS:5.5(Medium)

seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (assertion failure and crash) via a crafted ZIP file.

CWE-6172017