CVE-2023-39203

EPSS 0.17%
Published 14.11.2023 23:15:08
Last modified 21.11.2024 08:14:54
Source security@zoom.us
Teams watchlist Login
Open Login

Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop Client for Windows and Zoom VDI Client may allow an unauthenticated user to conduct a disclosure of information via network access.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Zoom ≫ Virtual Desktop Infrastructure Version < 5.14.13

Zoom ≫ Virtual Desktop Infrastructure Version >= 5.15.0 < 5.15.11

Zoom ≫ Zoom SwPlatformwindows Version < 5.16.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.17%	0.388

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security@zoom.us	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE-789 Memory Allocation with Excessive Size Value

The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

https://explore.zoom.us/en/trust/security/security-bulletin/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-39203

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-39203

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-39203

EUVD