CVE-2021-34423 Information

Jun 07, 2022 cve

Description

A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android iOS Linux macOS and Windows) before version 5.8.4 Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1 Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4 Zoom Client for Meetings for Chrome OS before version 5.0.1 Zoom Rooms for Conference Room (for Android AndroidBali macOS and Windows) before version 5.8.3 Controllers for Zoom Rooms (for Android iOS and Windows) before version 5.8.3 Zoom VDI Windows Meeting Client before version 5.8.4 Zoom VDI Azure Virtual Desktop Plugins (for Windows x86 or x64 IGEL x64 Ubuntu x64 HP ThinPro OS x64) before version 5.8.4.21112 Zoom VDI Citrix Plugins (for Windows x86 or x64 Mac Universal Installer & Uninstaller IGEL x64 eLux RP6 x64 HP ThinPro OS x64 Ubuntu x64 CentOS x 64 Dell ThinOS) before version 5.8.4.21112 Zoom VDI VMware Plugins (for Windows x86 or x64 Mac Universal Installer & Uninstaller IGEL x64 eLux RP6 x64 HP ThinPro OS x64 Ubuntu x64 CentOS x 64 Dell ThinOS) before version 5.8.4.21112 Zoom Meeting SDK for Android before version 5.7.6.1922 Zoom Meeting SDK for iOS before version 5.7.6.1082 Zoom Meeting SDK for macOS before version 5.7.6.1340 Zoom Meeting SDK for Windows before version 5.7.6.1081 Zoom Video SDK (for Android iOS macOS and Windows) before version 1.1.2 Zoom On-Premise Meeting Connector Controller before version 4.8.12.20211115 Zoom On-Premise Meeting Connector MMR before version 4.8.12.20211115 Zoom On-Premise Recording Connector before version 5.1.0.65.20211116 Zoom On-Premise Virtual Room Connector before version 4.4.7266.20211117 Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117 Zoom Hybrid Zproxy before version 1.0.1058.20211116 and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64. This can potentially allow a malicious actor to crash the service or application or leverage this vulnerability to execute arbitrary code.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://explore.zoom.us/en/trust/security/security-bulletin http://packetstormsecurity.com/files/165417/Zoom-Chat-Message-Processing-Buffer-Overflow.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8

Share on: