Denial of Service in Zoom Clients
CVE-2023-22882
6.5 MEDIUM
Key Information:
- Vendor: Zoom
- CVE Published: 16 March 2023
Summary
Zoom clients prior to version 5.13.5 are susceptible to a STUN parsing vulnerability. An attacker can exploit this flaw by sending specially crafted UDP packets to a vulnerable Zoom client, which may crash the application and result in a denial of service. Zoom users should update their clients to the latest version to avoid disruptions caused by this vulnerability.
Affected Version(s)
Zoom (for Android, iOS, Linux, macOS, and Windows) clients before version 5.13.5
CVSS V3.1
- Score: 6.5
- Severity: MEDIUM
- Confidentiality: None
- Integrity: None
- Availability: None
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved