Zoom Team Chat Susceptible to Zip Bombing

Bulletin: ZSB-22002
CVEID: CVE-2022-22780
CVSS Severity: Medium
CVSS Score: 4.7
CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L

Description:

The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks in the following product versions: Android before version 5.8.6, iOS before version 5.9.0, Linux before version 5.8.6, macOS before version 5.7.3, and Windows before version 5.6.3. This could lead to availability issues on the client host by exhausting system resources.

Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.

Affected Products:

All Zoom Client for Meetings for Android before version 5.8.6
All Zoom Client for Meetings for iOS before version 5.9.0
All Zoom Client for Meetings for Linux before version 5.8.6
All Zoom Client for Meetings for macOS before version 5.7.3
All Zoom Client for Meetings for Windows before version 5.6.3

Source:

Reported by Johnny Yu of Walmart Global Tech

Revision	Date	Description
1.0	02/08/2022	Initial Publication

Zoom Team Chat Susceptible to Zip Bombing

Subscribe for updates