Denial of Service in Zoom Clients
CVE-2023-22881

7.5HIGH

Key Information:

Vendor: Zoom
Status: Zoom (for Android, iOS, Linux, macOS, and Windows) clients before version 5.13.5
Vendor: CVE Published:; 16 March 2023

Summary

A security flaw in Zoom clients prior to version 5.13.5 allows remote attackers to exploit a STUN parsing vulnerability. By sending specially crafted UDP packets to a vulnerable client, an attacker can trigger a crash, resulting in a denial of service. This vulnerability emphasizes the need for users to keep their software updated to protect against unforeseen attacks.

Affected Version(s)

Zoom (for Android, iOS, Linux, macOS, and Windows) clients before version 5.13.5 < 5.13.5

References

https://explore.zoom.us/en/trust/security/security-bulletin/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 16, 2023
Vulnerability Reserved
Jan 9, 2023