https://communities.vmware.com/wbsdv95928/tracker andre_o Tracker Sat, 18 Nov 2023 03:43:51 GMT 2023-11-18T03:43:51Z https://communities.vmware.com/t5/Virtual-Disk-Development-Kit/Security-vulnerabilities-in-3rd-party-packages-shipped-with-VDDK/m-p/2959210#M2379 <P><SPAN>VDDK</SPAN>&nbsp;version 7.0.3.2 includes few third party packages which have known&nbsp;<SPAN>security</SPAN> vulnerabilities:</P><UL><LI>zlib-1.2.12 (<A href="https://nvd.nist.gov/vuln/detail/CVE-2022-37434" target="_blank" rel="noopener">https://nvd.nist.gov/vuln/detail/CVE-2022-37434</A>)</LI><LI>OpenSSL-1.0.2ze (<A href="https://nvd.nist.gov/vuln/detail/CVE-2022-2068" target="_blank" rel="noopener">https://nvd.nist.gov/vuln/detail/CVE-2022-2068</A>)</LI><LI>curl-7.76.1 (<A href="https://nvd.nist.gov/vuln/detail/CVE-2021-22901" target="_blank" rel="noopener">https://nvd.nist.gov/vuln/detail/CVE-2021-22901</A>, <A href="https://nvd.nist.gov/vuln/detail/CVE-2021-22898" target="_blank" rel="noopener"><BR />https://nvd.nist.gov/vuln/detail/CVE-2021-22898</A>, <A href="https://nvd.nist.gov/vuln/detail/CVE-2021-22897" target="_blank" rel="noopener">https://nvd.nist.gov/vuln/detail/CVE-2021-22897</A>)</LI></UL><P>&nbsp;</P><P>Could someone please share some details on whether the above-states vulnerabilities are affecting (and/or can be exploited via) the <SPAN>VDDK? If so, we would kindly request a&nbsp;7.0.3.X VDDK update</SPAN>&nbsp;with those third party packages upgraded to patched version.</P><P>If VDDK is not affected, it would be great to have some details why/how&nbsp;</P><P>Thanks a lot!</P> Wed, 15 Mar 2023 04:53:24 GMT https://communities.vmware.com/t5/Virtual-Disk-Development-Kit/Security-vulnerabilities-in-3rd-party-packages-shipped-with-VDDK/m-p/2959210#M2379 andre_o 2023-03-15T04:53:24Z