CVE-2017-3513

low

Published 2017-04-24 · Modified 2026-05-13

CVSS v3

2.5

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N

CVSS v2

1.9

VIR risk

2.5

Description

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 2.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N).

Predictions

Exploit likelihood

27%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2017-3513

vendor Authored 2026-05-27

Vendor advisory: secalert_us@oracle.com — http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

OS impact

OS	Version	Status	Fixed in
debian	sid	fixed	`5.1.20-dfsg-1`

Application impact

Vendor	Product	Versions	Fixed
oracle	vm_virtualbox	`{"startIncluding":"5.0.0","endIncluding":"5.0.36"}`

References

Verify integrity in audit chain (admin only). AS-IS.