Uncontrolled Resource Consumption Vulnerability in Zoom SDKs
CVE-2023-36533

7.1HIGH

Key Information:

Vendor: Zoom Video Communications, Inc.
Status: Zoom Sdk's
Vendor: CVE Published:; 8 August 2023

Summary

An uncontrolled resource consumption vulnerability exists in Zoom SDKs that can be exploited by an unauthenticated user. This weakness allows an attacker to initiate a denial of service attack through network access, potentially leading to disruption of services. It is crucial for developers utilizing these SDKs to update to version 5.14.7 or later to mitigate this risk and ensure application reliability.

Affected Version(s)

Zoom SDK's before 5.14.7

References

https://explore.zoom.us/en/trust/security/security-bulletin/

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2023
Vulnerability Reserved
Jun 22, 2023