Use After Free in Zoom Workplace Apps and SDKs Affecting User Experience
CVE-2024-27239

4.3MEDIUM

Key Information:

Vendor: Zoom Communications, Inc
Status: Zoom Workplace Apps And Sdks
Vendor: CVE Published:; 25 February 2025

Summary

A vulnerability exists in certain Zoom Workplace Apps and SDKs, where a use after free condition may be exploited by an authenticated user. This flaw has the potential to enable attackers to conduct a denial of service through network access, affecting the availability of the application for users. Users are recommended to update their applications to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Zoom Workplace Apps and SDKs MacOS See references

References

https://www.zoom.com/en/trust/security-bulletin/zsb-24018/

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 25, 2025
Vulnerability Reserved
Feb 21, 2024