CVE-2022-22780

Published: Feb 9, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks in the following product versions: Android before version 5.8.6, iOS before version 5.9.0, Linux before version 5.8.6, macOS before version 5.7.3, and Windows before version 5.6.3. This could lead to availability issues on the client host by exhausting system resources.

Affected (5)

Products: Zoom: Meetings

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Zoom Meetings	Before 5.8.6
Zoom Meetings	Before 5.9.0
Zoom Meetings	Before 5.8.6
Zoom Meetings	Before 5.7.3
Zoom Meetings	Before 5.6.3

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (2)

https://explore.zoom.us/en/trust/security/security-bulletin

Source: security@zoom.us

Vendor Advisory

https://explore.zoom.us/en/trust/security/security-bulletin

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.