CVE-2017-4950
published 2018-01-11CVE-2017-4950: VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound…
high7CVSS 3.0
AVLACHPRLUINSUCHIHAH
VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound read which can then be used to execute code on the host in conjunction with other issues. Note: IPv6 mode for VMNAT is not enabled by default.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | fusion | — | — |
| vmware | fusion | — | — |
| vmware | fusion | >= 10.0 < 10.1.1 | 10.1.1 |
| vmware | fusion | >= 8.0 < 8.5.10 | 8.5.10 |
| vmware | fusion_pro | — | — |
| vmware | horizon_client | — | — |
| vmware | vmware_fusion | — | — |
| vmware | vmware_horizon | — | — |
| vmware | vmware_workstation | — | — |
| vmware | workstation | >= 12.0 < 12.5.9 | 12.5.9 |
| vmware | workstation | >= 14.0 < 14.1.1 | 14.1.1 |
| vmware | workstation_player | — | — |
| vmware | workstation_pro | — | — |
| vmware | workstation_pro_player | — | — |
| vmware | workstation_pro_player | — | — |