7.5

CVE-2023-39206

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.

Data provided by the National Vulnerability Database (NVD)
Zoom Meetings, SwPlatform android, Version < 5.16.0
Zoom Meetings, SwPlatform iphone_os, Version < 5.16.0
Zoom Meetings, SwPlatform linux, Version < 5.16.0
Zoom Meetings, SwPlatform macos, Version < 5.16.0
Zoom Meetings, SwPlatform windows, Version < 5.16.0
Zoom Rooms, SwPlatform android, Version < 5.16.0
Zoom Rooms, SwPlatform ipad_os, Version < 5.16.0
Zoom Rooms, SwPlatform macos, Version < 5.16.0
Zoom Rooms, SwPlatform windows, Version < 5.16.0
Zoom Video Software Development Kit, SwPlatform android, Version < 1.9.0
Zoom Video Software Development Kit, SwPlatform iphone_os, Version < 1.9.0
Zoom Video Software Development Kit, SwPlatform linux, Version < 1.9.0
Zoom Video Software Development Kit, SwPlatform macos, Version < 1.9.0
Zoom Video Software Development Kit, SwPlatform windows, Version < 1.9.0
Zoom Virtual Desktop Infrastructure, Version < 5.14.13
Zoom Virtual Desktop Infrastructure, Version >= 5.15.0 < 5.15.11
Zoom Zoom, SwPlatform android, Version < 5.16.0
Zoom Zoom, SwPlatform iphone_os, Version < 5.16.0
Zoom Zoom, SwPlatform linux, Version < 5.16.0
Zoom Zoom, SwPlatform macos, Version < 5.16.0
Zoom Zoom, SwPlatform windows, Version < 5.16.0
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.31% | 0.536
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security@zoom.us | 3.7 | 2.2 | 1.4 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.