Denial of Service in Zoom Clients
CVE-2023-22881

6.5MEDIUM

Key Information:

Vendor: Zoom
Status: Zoom (for Android, iOS, Linux, Mac OS, And Windows) Clients Before Version 5.13.5
Vendor: CVE Published:; 16 March 2023

What is CVE-2023-22881?

A security flaw in Zoom clients prior to version 5.13.5 allows remote attackers to exploit a STUN parsing vulnerability. By sending specially crafted UDP packets to a vulnerable client, an attacker can trigger a crash, resulting in a denial of service. This vulnerability emphasizes the need for users to keep their software updated to protect against unforeseen attacks.

Affected Version(s)

Zoom (for Android, iOS, Linux, macOS, and Windows) clients before version 5.13.5 < 5.13.5

References

https://explore.zoom.us/en/trust/security/security-bulletin/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 16, 2023
Vulnerability Reserved
Jan 9, 2023