CVE-2022-22780

EPSS 0.91%
Published 09.02.2022 23:15:19
Last modified 21.11.2024 06:47:26
Source security@zoom.us
Teams watchlist Login
Open Login

The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks in the following product versions: Android before version 5.8.6, iOS before version 5.9.0, Linux before version 5.8.6, macOS before version 5.7.3, and Windows before version 5.6.3. This could lead to availability issues on the client host by exhausting system resources.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Zoom ≫ Meetings SwPlatformwindows Version < 5.6.3

Zoom ≫ Meetings SwPlatformmacos Version < 5.7.3

Zoom ≫ Meetings SwPlatformandroid Version < 5.8.6

Zoom ≫ Meetings SwPlatformlinux Version < 5.8.6

Zoom ≫ Meetings SwPlatformiphone_os Version < 5.9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.91%	0.75

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C
security@zoom.us	4.7	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://explore.zoom.us/en/trust/security/security-bulletin

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-22780

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-22780

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-22780

EUVD