CVE-2022-22780
Description
The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks in the following product versions: Android before version 5.8.6, iOS before version 5.9.0, Linux before version 5.8.6, macOS before version 5.7.3, and Windows before version 5.6.3. This could lead to availability issues on the client host by exhausting system resources.
Risk Information
Base Score: 6.5 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score (Exploitation Probability): 0.907
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2021-34425 and CVE-2022-22780 affect Zoom 5.7.1 | Windows |
| CVE-2021-34425 and CVE-2022-22780 affect Zoom 5.7.1 (x64) | Windows |
| CVE-2022-22780 is fixed in Zoom (x64) (5.15.7.20303) | Windows |
| CVE-2022-22780 is fixed in Zoom (5.6.3.751) | Windows |
| CVE-2022-22780 is fixed in Zoom Notes Plugin (5.6.3.106) | Windows |
| CVE-2022-22780 is fixed in Zoom Outlook Plugin (5.6.3.105) | Windows |
| CVE-2022-22780 is fixed in Zoom for MAC 5.6.3.706 | Mac |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-320728 | Zoom (5.7.4.804) |
| PATCH-319772 | Zoom (x64) (5.6.6.961) |
| PATCH-332244 | Zoom (x64) (5.15.7.20303) |
| PATCH-332243 | Zoom (5.15.7.20303) |
| PATCH-331891 | Zoom Notes Plugin (5.15.5.925) |
| PATCH-331892 | Zoom Outlook Plugin (5.15.5.926) |
| PATCH-611907 | Zoom for MAC (Intel) (6.5.12.63499) |