Vulnerability Description
VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed. Note: This issue doesn't apply to Horizon 6, 7 Agents installed on Linux systems or Horizon Clients installed on non-Windows systems.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| VMware | Horizon Client | >= 4.0.0, < 4.8.1 |
| VMware | Horizon View | >= 6.0.0, < 6.2.7 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105031 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1041430 (Third Party Advisory, VDB Entry)
- https://www.vmware.com/security/advisories/VMSA-2018-0019.html (Patch, Vendor Advisory)
FAQ
What is CVE-2018-6970?
CVE-2018-6970 is a vulnerability with a CVSS score of 6.5 (MEDIUM). VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. S...
How severe is CVE-2018-6970?
CVE-2018-6970 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-6970?
Check the references section above for vendor advisories and patch information. Affected products include: VMware Horizon Client, VMware Horizon View.