Vulnerability Details CVE-2020-3946
The InstallBuilder AutoUpdate tool and regular installers that enable <checkForUpdates>, when built with versions earlier than 19.11, are vulnerable to a Billion Laughs attack (denial of service).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.3%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
Products affected by CVE-2020-3946
- cpe:2.3:a:vmware:installbuilder:19.10.0
- cpe:2.3:a:vmware:installbuilder:19.7.1
- cpe:2.3:a:vmware:installbuilder:19.8.0
- cpe:2.3:a:vmware:installbuilder:19.9.0