Lucene search

[email protected]CVE-2021-34423

HistoryNov 24, 2021 - 5:15 p.m.

CVE-2021-34423

2021-11-2417:15:00

CWE-120

[email protected]

web.nvd.nist.gov

161

zoom

buffer overflow

vulnerability

cybersecurity

cve-2021-34423

nvd

security advisory

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.9%

JSON

A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI Windows Meeting Client before version 5.8.4, Zoom VDI Azure Virtual Desktop Plugins (for Windows x86 or x64, IGEL x64, Ubuntu x64, HP ThinPro OS x64) before version 5.8.4.21112, Zoom VDI Citrix Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom VDI VMware Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom On-Premise Meeting Connector Controller before version 4.8.12.20211115, Zoom On-Premise Meeting Connector MMR before version 4.8.12.20211115, Zoom On-Premise Recording Connector before version 5.1.0.65.20211116, Zoom On-Premise Virtual Room Connector before version 4.4.7266.20211117, Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64. This can potentially allow a malicious actor to crash the service or application, or leverage this vulnerability to execute arbitrary code.

CPENameOperatorVersion
zoom:meetingszoom meetingslt5.8.3
zoom:meetingszoom meetingslt5.8.4
zoom:meetings_for_blackberryzoom meetings for blackberrylt5.8.1
zoom:meetings_for_intunezoom meetings for intunelt5.8.4
zoom:meetings_for_chrome_oszoom meetings for chrome oslt5.0.1
zoom:rooms_for_conference_roomszoom rooms for conference roomslt5.8.3
zoom:controllers_for_zoom_roomszoom controllers for zoom roomslt5.8.3
zoom:virtual_desktop_infrastructurezoom virtual desktop infrastructurelt5.8.4
zoom:windows_meeting_sdkzoom windows meeting sdklt5.7.6.1081
zoom:macos_meeting_sdkzoom macos meeting sdklt5.7.6.1340

CPE	Name	Operator	Version
zoom:meetings	zoom meetings	lt	5.8.3
zoom:meetings	zoom meetings	lt	5.8.4
zoom:meetings_for_blackberry	zoom meetings for blackberry	lt	5.8.1
zoom:meetings_for_intune	zoom meetings for intune	lt	5.8.4
zoom:meetings_for_chrome_os	zoom meetings for chrome os	lt	5.0.1
zoom:rooms_for_conference_rooms	zoom rooms for conference rooms	lt	5.8.3
zoom:controllers_for_zoom_rooms	zoom controllers for zoom rooms	lt	5.8.3
zoom:virtual_desktop_infrastructure	zoom virtual desktop infrastructure	lt	5.8.4
zoom:windows_meeting_sdk	zoom windows meeting sdk	lt	5.7.6.1081
zoom:macos_meeting_sdk	zoom macos meeting sdk	lt	5.7.6.1340