PT-2022-15672 · Zoom · Zoom Client For Meetings+1
Johnny Yu
·
Published
2022-02-09
·
Updated
2022-02-17
·
CVE-2022-22780
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Zoom Client for Meetings versions prior to 5.6.3 on Windows
Zoom Client for Meetings versions prior to 5.7.3 on macOS
Zoom Client for Meetings versions prior to 5.8.6 on Android
Zoom Client for Meetings versions prior to 5.8.6 on Linux
Zoom Client for Meetings versions prior to 5.9.0 on iOS
Description
The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks. This could lead to availability issues on the client host by exhausting system resources.
Recommendations
For Windows versions prior to 5.6.3, update to version 5.6.3 or later.
For macOS versions prior to 5.7.3, update to version 5.7.3 or later.
For Android versions prior to 5.8.6, update to version 5.8.6 or later.
For Linux versions prior to 5.8.6, update to version 5.8.6 or later.
For iOS versions prior to 5.9.0, update to version 5.9.0 or later.
Fix
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zoom Client For Meetings
Zoom