CVE-2015-2338

2015-06-1314:59:00

CWE-399

[email protected]

web.nvd.nist.gov

vmware

workstation

player

horizon client

memory allocation

vulnerability

cve-2015-2338

6.3 Medium

AI Score

Confidence

Low

6.1 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

50.4%

JSON

TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to cause a host OS denial of service via unspecified vectors, a different vulnerability than CVE-2015-2339.

CPENameOperatorVersion
vmware:horizon_clientvmware horizon clienteq3.2.0
vmware:horizon_clientvmware horizon clienteq3.3
vmware:horizon_view_clientvmware horizon view clienteq5.4
vmware:horizon_view_clientvmware horizon view clienteq5.4.1
vmware:playervmware playereq6.0
vmware:playervmware playereq7.1
vmware:workstationvmware workstationeq10.0.4
vmware:fusionvmware fusioneq6.0.1
vmware:workstationvmware workstationeq10.0.3
vmware:workstationvmware workstationeq10.0

CPE	Name	Operator	Version
vmware:horizon_client	vmware horizon client	eq	3.2.0
vmware:horizon_client	vmware horizon client	eq	3.3
vmware:horizon_view_client	vmware horizon view client	eq	5.4
vmware:horizon_view_client	vmware horizon view client	eq	5.4.1
vmware:player	vmware player	eq	6.0
vmware:player	vmware player	eq	7.1
vmware:workstation	vmware workstation	eq	10.0.4
vmware:fusion	vmware fusion	eq	6.0.1
vmware:workstation	vmware workstation	eq	10.0.3
vmware:workstation	vmware workstation	eq	10.0