Lucene search

VMwareVMSA-2022-0002

HistoryJan 18, 2022 - 12:00 a.m.

VMware Workstation and Horizon Client for Windows updates address a denial-of-service vulnerability (CVE-2022-22938)

2022-01-1800:00:00

www.vmware.com

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

11.8%

JSON

3. Denial-of-service vulnerability via Cortado ThinPrint (CVE-2022-22938)

VMware Workstation and Horizon Client for Windows contains a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in the TrueType font parser. VMware has evaluated the severity of the issue to be in the Moderate severity range with a CVSSv3 base score of 4.0.

CPENameOperatorVersion
workstationlt16.2.2
horizon client for windowslt5.5.3

CPE	Name	Operator	Version
	workstation	lt	16.2.2
	horizon client for windows	lt	5.5.3

References

customerconnect.vmware.com/downloads/details?downloadGroup=WKST-1622-WIN&productId=1038&rPId=82543

customerconnect.vmware.com/en/downloads/details?downloadGroup=CART23FQ1_WIN_553&productId=863&rPId=83368

customerconnect.vmware.com/en/downloads/details?downloadGroup=WKST-PLAYER-1622&productId=1039&rPId=82555

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22938

docs.vmware.com/en/VMware-Horizon-Client-for-Windows/5.5.3/rn/VMware-Horizon-Client-for-Windows-553-Release-Notes.html

docs.vmware.com/en/VMware-Workstation-Player/16.2.2/rn/VMware-Workstation-1622-Player-Release-Notes.html

docs.vmware.com/en/VMware-Workstation-Pro/16.2.2/rn/VMware-Workstation-1622-Pro-Release-Notes.html

www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

11.8%

JSON

Related for VMSA-2022-0002