CVE-2021-34423

EPSS 0.56%
Published 24.11.2021 17:15:07
Last modified 21.11.2024 06:10:22
Source security@zoom.us
Teams watchlist Login
Open Login

A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI Windows Meeting Client before version 5.8.4, Zoom VDI Azure Virtual Desktop Plugins (for Windows x86 or x64, IGEL x64, Ubuntu x64, HP ThinPro OS x64) before version 5.8.4.21112, Zoom VDI Citrix Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom VDI VMware Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom On-Premise Meeting Connector Controller before version 4.8.12.20211115, Zoom On-Premise Meeting Connector MMR before version 4.8.12.20211115, Zoom On-Premise Recording Connector before version 5.1.0.65.20211116, Zoom On-Premise Virtual Room Connector before version 4.4.7266.20211117, Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64. This can potentially allow a malicious actor to crash the service or application, or leverage this vulnerability to execute arbitrary code.

Affected products Warnungen 0 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Zoom ≫ Meetings Version < 5.8.3

Google ≫ Android Version-

Zoom ≫ Meetings Version < 5.8.4

Apple ≫ macOS Version-

Zoom ≫ Meetings Version < 5.8.4

Apple ≫ iPhone OS Version-

Zoom ≫ Meetings Version < 5.8.4

Linux ≫ Linux Kernel Version-

Zoom ≫ Meetings Version < 5.8.4

Microsoft ≫ Windows Version-

Zoom ≫ Meetings For Blackberry Version < 5.8.1

Google ≫ Android Version-

Zoom ≫ Meetings For Blackberry Version < 5.8.1

Apple ≫ iPhone OS Version-

Zoom ≫ Meetings For Intune Version < 5.8.4

Apple ≫ iPhone OS Version-

Zoom ≫ Meetings For Intune Version < 5.8.4

Google ≫ Android Version-

Zoom ≫ Meetings For Chrome Os Version < 5.0.1

Zoom ≫ Rooms For Conference Rooms Version < 5.8.3

Google ≫ Android Version-

Zoom ≫ Rooms For Conference Rooms Version < 5.8.3

Apple ≫ macOS Version-

Zoom ≫ Rooms For Conference Rooms Version < 5.8.3

Microsoft ≫ Windows Version-

Zoom ≫ Controllers For Zoom Rooms Version < 5.8.3

Microsoft ≫ Windows Version-

Zoom ≫ Controllers For Zoom Rooms Version < 5.8.3

Apple ≫ iPhone OS Version-

Zoom ≫ Controllers For Zoom Rooms Version < 5.8.3

Google ≫ Android Version-

Zoom ≫ Virtual Desktop Infrastructure Version < 5.8.4

Zoom ≫ Android Meeting Sdk Version < 5.7.6.1922

Zoom ≫ Iphone Os Meeting Sdk Version < 5.7.6.1082

Zoom ≫ Macos Meeting Sdk Version < 5.7.6.1340

Zoom ≫ Windows Meeting Sdk Version < 5.7.6.1081

Zoom ≫ Android Video Sdk Version < 1.1.2

Zoom ≫ Iphone Os Video Sdk Version < 1.1.2

Zoom ≫ Macos Video Sdk Version < 1.1.2

Zoom ≫ Windows Video Sdk Version < 1.1.2

Zoom ≫ Hybrid Mmr Version < 4.6.20211116.131

Zoom ≫ Hybrid Zproxy Version < 1.0.1058.20211116

Zoom ≫ Zoom On-premise Meeting Connector Controller Version < 4.8.12.20211115

Zoom ≫ Zoom On-premise Meeting Connector Mmr Version < 4.8.12.20211115

Zoom ≫ Zoom On-premise Recording Connector Version < 5.1.0.65.20211116

Zoom ≫ Zoom On-premise Virtual Room Connector Version < 4.4.7266.20211117

Zoom ≫ Zoom On-premise Virtual Room Connector Load Balancer Version < 2.5.5692.20211117

Zoom ≫ Vdi Azure Virtual Desktop Version < 5.8.4.21112

Zoom ≫ Vdi Citrix Version < 5.8.4.21112

Zoom ≫ Vdi Vmware Version < 5.8.4.21112

Zoom ≫ Vdi Windows Meeting Client Version < 5.8.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.56%	0.672

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
security@zoom.us	7.3	3.9	3.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://explore.zoom.us/en/trust/security/security-bulletin

Vendor Advisory

http://packetstormsecurity.com/files/165417/Zoom-Chat-Message-Processing-Buffer-Overflow.html

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2021-34423

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-34423

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-34423

EUVD