Home

Description

The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks in the following product versions: Android before version 5.8.6, iOS before version 5.9.0, Linux before version 5.8.6, macOS before version 5.7.3, and Windows before version 5.6.3. This could lead to availability issues on the client host by exhausting system resources.

PUBLISHED Reserved 2022-01-07 | Published 2022-02-09 | Updated 2024-09-16 | Assigner Zoom




MEDIUM: 4.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L

Problem types

Allocation of Resources Without Limits or Throttling

Product status

Any version before 5.8.6
affected

Any version before 5.9.0
affected

Any version before 5.8.6
affected

Any version before 5.7.3
affected

Any version before 5.6.3
affected

Credits

Johnny Yu of Walmart Global Tech

References

explore.zoom.us/en/trust/security/security-bulletin

explore.zoom.us/en/trust/security/security-bulletin

cve.org (CVE-2022-22780)

nvd.nist.gov (CVE-2022-22780)

Download JSON