The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Broadcom |
|
| Vmware |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
No data.
No data.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Fri, 31 Oct 2025 16:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Vmware cloud Foundation
|
|
| CPEs | cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3o:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3p:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3q:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3r:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3s:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:* |
|
| Vendors & Products |
Vmware cloud Foundation
|
Tue, 21 Oct 2025 23:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Tue, 21 Oct 2025 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Tue, 21 Oct 2025 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Tue, 10 Jun 2025 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
kev
|
Wed, 20 Nov 2024 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
ssvc
|
Wed, 02 Oct 2024 14:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Vmware
Vmware vcenter Server |
|
| Weaknesses | CWE-787 | |
| CPEs | cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:8.0:update1d:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:8.0:update1e:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:8.0:update2:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:8.0:update2a:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:8.0:update2b:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:8.0:update2c:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:8.0:update2d:*:*:*:*:*:* |
|
| Vendors & Products |
Vmware
Vmware vcenter Server |
Thu, 19 Sep 2024 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Broadcom
Broadcom vmware Cloud Foundation Broadcom vmware Vcenter Server |
|
| CPEs | cpe:2.3:a:vmware:vcenter_server:*:*:*:*:*:*:*:* |
cpe:2.3:a:broadcom:vmware_cloud_foundation:*:*:*:*:*:*:*:* cpe:2.3:a:broadcom:vmware_vcenter_server:*:*:*:*:*:*:*:* |
| Vendors & Products |
Vmware
Vmware cloud Foundation Vmware vcenter Server |
Broadcom
Broadcom vmware Cloud Foundation Broadcom vmware Vcenter Server |
Wed, 18 Sep 2024 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Vmware
Vmware cloud Foundation Vmware vcenter Server |
|
| CPEs | cpe:2.3:a:vmware:cloud_foundation:-:*:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Vmware
Vmware cloud Foundation Vmware vcenter Server |
|
| Metrics |
ssvc
|
Tue, 17 Sep 2024 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. | |
| Title | Heap-overflow vulnerability | |
| Weaknesses | CWE-122 | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: vmware
Published:
Updated: 2025-10-21T22:55:44.777Z
Reserved: 2024-06-19T22:31:57.187Z
Link: CVE-2024-38812
Vulnrichment
Updated: 2024-09-18T13:49:47.197Z
NVD
Status : Analyzed
Published: 2024-09-17T18:15:03.920
Modified: 2025-10-31T15:57:11.573
Link: CVE-2024-38812
Redhat
No data.
OpenCVE Enrichment
No data.