Zoom Apps and SDKs - Improper Input Validation

Bulletin: ZSB-24020
CVEID: CVE-2024-27241
CVSS Severity: Medium
CVSS Score: 5.3
CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Description:

Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.

Users can help keep themselves secure by applying the latest updates available at https://zoom.us/download.

Affected Products:

Zoom Workplace Desktop App for Windows before version 6.0.0
Zoom Workplace Desktop App for macOS before version 6.0.0
Zoom Workplace Desktop App for Linux before version 6.0.0
Zoom Workplace VDI App for Windows before version 5.17.13
Zoom Workplace App for iOS before version 6.0.0
Zoom Workplace App for Android before version 6.0.0
Zoom Rooms App for Windows before version 6.0.0
Zoom Rooms App for Mac before version 6.0.0
Zoom Rooms App for iPad before version 6.0.0
Zoom Meeting SDK for Windows before version 6.0.0
Zoom Meeting SDK for iOS before version 6.0.0
Zoom Meeting SDK for Android before version 6.0.0
Zoom Meeting SDK for macOS before version 6.0.0
Zoom Meeting SDK for Linux before version 6.0.0

Source:

Reported by Zoom Offensive Security.

Revision	Date	Description
1.0	07/09/2024	Initial publication.