Denial of Service in Zoom Clients

Bulletin: ZSB-23002
CVEID: CVE-2023-22881 CVE-2023-22882
CVSS Severity: Medium
CVSS Score: 6.5
CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Description:

Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffic to a victim Zoom client to remotely cause the client to crash, causing a denial of service.

Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.

Affected Products:

Zoom (for Android, iOS, Linux, macOS, and Windows) clients before version 5.13.5

Source:

Reported by Zoom Offensive Security Team

Revision	Date	Description
1.0	03/14/2023	Initial Publication

Denial of Service in Zoom Clients

Subscribe for updates