Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-4948

Summary
Assigner-vmware
Assigner Org ID-dcf2e128-44bd-42ed-91e8-88f912c1401d
Published At-05 Jan, 2018 | 14:00
Updated At-16 Sep, 2024 | 23:31
Rejected At-
Credits

VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from host or may allow for a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this issue in conjunction with other bugs may allow a View desktop to leak information from host or may allow for a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:vmware
Assigner Org ID:dcf2e128-44bd-42ed-91e8-88f912c1401d
Published At:05 Jan, 2018 | 14:00
Updated At:16 Sep, 2024 | 23:31
Rejected At:
▼CVE Numbering Authority (CNA)

VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from host or may allow for a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this issue in conjunction with other bugs may allow a View desktop to leak information from host or may allow for a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.

Affected Products
Vendor
VMware (Broadcom Inc.)VMware
Product
Workstation
Versions
Affected
  • 14.x before 14.1.0
  • 12.x
Vendor
VMware (Broadcom Inc.)VMware
Product
Horizon Client for Windows
Versions
Affected
  • 4.x before 4.7.0
Problem Types
TypeCWE IDDescription
textN/AOut-of-bounds read
Type: text
CWE ID: N/A
Description: Out-of-bounds read
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id/1040109
vdb-entry
x_refsource_SECTRACK
http://www.securitytracker.com/id/1040108
vdb-entry
x_refsource_SECTRACK
https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html
x_refsource_CONFIRM
http://www.securityfocus.com/bid/102441
vdb-entry
x_refsource_BID
http://www.securitytracker.com/id/1040136
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.securitytracker.com/id/1040109
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.securitytracker.com/id/1040108
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/102441
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.securitytracker.com/id/1040136
Resource:
vdb-entry
x_refsource_SECTRACK
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id/1040109
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.securitytracker.com/id/1040108
vdb-entry
x_refsource_SECTRACK
x_transferred
https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/102441
vdb-entry
x_refsource_BID
x_transferred
http://www.securitytracker.com/id/1040136
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.securitytracker.com/id/1040109
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.securitytracker.com/id/1040108
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/102441
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.securitytracker.com/id/1040136
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@vmware.com
Published At:05 Jan, 2018 | 14:29
Updated At:25 Jan, 2018 | 13:51

VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from host or may allow for a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this issue in conjunction with other bugs may allow a View desktop to leak information from host or may allow for a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.1HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Primary2.06.6MEDIUM
AV:L/AC:L/Au:N/C:C/I:N/A:C
Type: Primary
Version: 3.0
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Type: Primary
Version: 2.0
Base score: 6.6
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:C/I:N/A:C
CPE Matches
VMware (Broadcom Inc.)
vmware
>>workstation>>12.0.0
cpe:2.3:a:vmware:workstation:12.0.0:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>workstation>>12.0.1
cpe:2.3:a:vmware:workstation:12.0.1:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>workstation>>12.1
cpe:2.3:a:vmware:workstation:12.1:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>workstation>>12.1.1
cpe:2.3:a:vmware:workstation:12.1.1:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>workstation>>12.5
cpe:2.3:a:vmware:workstation:12.5:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>workstation>>12.5.0
cpe:2.3:a:vmware:workstation:12.5.0:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>workstation>>12.5.1
cpe:2.3:a:vmware:workstation:12.5.1:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>workstation>>12.5.2
cpe:2.3:a:vmware:workstation:12.5.2:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>workstation>>12.5.3
cpe:2.3:a:vmware:workstation:12.5.3:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>workstation>>12.5.4
cpe:2.3:a:vmware:workstation:12.5.4:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>workstation>>12.5.5
cpe:2.3:a:vmware:workstation:12.5.5:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>workstation>>12.5.6
cpe:2.3:a:vmware:workstation:12.5.6:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>workstation>>12.5.7
cpe:2.3:a:vmware:workstation:12.5.7:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>workstation>>12.5.8
cpe:2.3:a:vmware:workstation:12.5.8:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>workstation>>12.5.9
cpe:2.3:a:vmware:workstation:12.5.9:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>workstation>>14.0
cpe:2.3:a:vmware:workstation:14.0:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>horizon_view>>Versions from 4.0(inclusive) to 4.7(exclusive)
cpe:2.3:a:vmware:horizon_view:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Primarynvd@nist.gov
CWE-200Primarynvd@nist.gov
CWE ID: CWE-125
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-200
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/102441security@vmware.com
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040108security@vmware.com
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040109security@vmware.com
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040136security@vmware.com
Third Party Advisory
VDB Entry
https://www.vmware.com/us/security/advisories/VMSA-2018-0003.htmlsecurity@vmware.com
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/102441
Source: security@vmware.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1040108
Source: security@vmware.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1040109
Source: security@vmware.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1040136
Source: security@vmware.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html
Source: security@vmware.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

109Records found
CVE-2019-14104
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.1||HIGH
EPSS-0.03% / 7.74%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 10:46
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Slab-out-of-bounds access can occur if the context pointer is invalid due to lack of null check on pointer before accessing it in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, SC8180X, SDX55, SM8150

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-apq8053sdx55sm8150_firmwaresm8150sdx55_firmwareapq8053_firmwaresc8180xsc8180x_firmwareSnapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-5896
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.1||HIGH
EPSS-0.04% / 10.39%
||
7 Day CHG~0.00%
Published-06 Jul, 2018 | 17:00
Updated-16 Sep, 2024 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, kernel panic may happen due to out-of-bound read, caused by not checking source buffer length against length of packet stream to be copied.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-4434
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.04% / 12.63%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.2.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-11278
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.1||HIGH
EPSS-0.01% / 2.08%
||
7 Day CHG~0.00%
Published-18 Sep, 2018 | 18:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Venus HW searches for start code when decoding input bit stream buffers. If start code is not found in entire buffer, there is over-fetch beyond allocation length. This leads to page fault.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-7277
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.04% / 12.64%
||
7 Day CHG~0.00%
Published-28 Mar, 2017 | 06:04
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service (out-of-bounds read) via crafted system calls, related to net/core/skbuff.c and net/socket.c.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-2584
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.1||HIGH
EPSS-0.09% / 25.93%
||
7 Day CHG~0.00%
Published-15 Jan, 2017 | 02:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-416
Use After Free
CVE-2020-9930
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.13% / 32.75%
||
7 Day CHG~0.00%
Published-02 Apr, 2021 | 17:13
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. A local user may be able to cause unexpected system termination or read kernel memory.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9908
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.04% / 10.70%
||
7 Day CHG~0.00%
Published-22 Oct, 2020 | 18:04
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to cause unexpected system termination or read kernel memory.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-3617
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.1||HIGH
EPSS-0.03% / 7.74%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 06:25
Updated-04 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Buffer over-read Issue in Q6 testbus framework due to diag packet length is not completely validated before accessing the field and leads to Information disclosure.' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in Kamorta, Nicobar, QCS605, QCS610, Rennell, SC7180, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-kamorta_firmwareqcs610sdm636_firmwaresdm660sdm630sm7150_firmwaresdm710sc7180_firmwaresm6150sdm710_firmwaresm7150sdm670qcs610_firmwareqcs605_firmwaresdm670_firmwaresm8150_firmwaresdm636rennellsc7180sdm630_firmwaresda660_firmwarerennell_firmwareqcs605sm6150_firmwaresm8150sda660kamortasxr1130_firmwarenicobar_firmwaresxr1130sdm660_firmwarenicobarSnapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found