Zoom 客户端 - 缓冲区溢出

公告: ZSB-23048
CVEID: CVE-2023-39204
CVSS 严重性: 中
CVSS 分数: 4.3
CVSS 矢量字符串: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

说明:

在一些 Zoom 客户端中，缓冲区溢出可能会允许未经身份验证的用户通过网络访问执行拒绝服务。

用户可以通过应用当前更新或从 https://zoom.us/zh-cn/download 下载包含所有当前安全更新的最新 Zoom 软件来确保自身安全。

受影响产品:

Zoom Desktop Client for Windows before version 5.15.10
Zoom Desktop Client for macOS before version 5.15.10
Zoom Mobile App for iOS before version 5.15.10
Zoom Mobile App for Android before version 5.15.10
Zoom Desktop Client for Linux before version 5.15.10
Zoom Rooms Client for Windows before version 5.15.10
Zoom Rooms Client for macOS before version 5.15.10
Zoom Rooms Client for Android before version 5.15.10
Zoom Rooms Client for iPad before version 5.15.10
Zoom VDI Client before version 5.16.0 (excluding 5.14.13 and 5.15.11)
Zoom Video SDK for Windows before version 1.8.10
Zoom Video SDK for macOS before version 1.8.10
Zoom Video SDK for Android before version 1.8.10
Zoom Video SDK for iOS before version 1.8.10
Zoom Video SDK for Linux before version 1.8.10
Zoom Meeting SDK for Windows before version 5.15.10
Zoom Meeting SDK for iOS before version 5.15.10
Zoom Meeting SDK for Android before version 5.15.10
Zoom Meeting SDK for macOS before version 5.15.10
Zoom Meeting SDK for Linux before version 5.15.10

来源:

报告者：Zoom 攻击性安全团队。

Revision	日期	说明
1.0	11/14/2023	首次出版