Lucene search

[email protected]CVE-2023-39206

HistoryNov 14, 2023 - 11:15 p.m.

CVE-2023-39206

2023-11-1423:15:09

CWE-120

[email protected]

web.nvd.nist.gov

cve-2023-39206

buffer overflow

zoom clients

unauthenticated

dos

network access

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.5%

JSON

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.

Affected configurations

NVD

Node

zoommeetingsRange<5.16.0android

zoommeetingsRange<5.16.0iphone_os

zoommeetingsRange<5.16.0linux

zoommeetingsRange<5.16.0macos

zoommeetingsRange<5.16.0windows

zoomroomsRange<5.16.0android

zoomroomsRange<5.16.0ipad_os

zoomroomsRange<5.16.0macos

zoomroomsRange<5.16.0windows

zoomvideo_software_development_kitRange<1.9.0android

zoomvideo_software_development_kitRange<1.9.0iphone_os

zoomvideo_software_development_kitRange<1.9.0linux

zoomvideo_software_development_kitRange<1.9.0macos

zoomvideo_software_development_kitRange<1.9.0windows

zoomvirtual_desktop_infrastructureRange<5.14.13

zoomvirtual_desktop_infrastructureRange5.15.0–5.15.11

zoomzoomRange<5.16.0android

zoomzoomRange<5.16.0iphone_os

zoomzoomRange<5.16.0linux

zoomzoomRange<5.16.0macos

zoomzoomRange<5.16.0windows

CPENameOperatorVersion
zoom:meetingszoom meetingslt5.16.0
zoom:roomszoom roomslt5.16.0
zoom:video_software_development_kitzoom video software development kitlt1.9.0
zoom:virtual_desktop_infrastructurezoom virtual desktop infrastructurelt5.14.13
zoom:virtual_desktop_infrastructurezoom virtual desktop infrastructurelt5.15.11
zoom:zoomzoomlt5.16.0

CPE	Name	Operator	Version
zoom:meetings	zoom meetings	lt	5.16.0
zoom:rooms	zoom rooms	lt	5.16.0
zoom:video_software_development_kit	zoom video software development kit	lt	1.9.0
zoom:virtual_desktop_infrastructure	zoom virtual desktop infrastructure	lt	5.14.13
zoom:virtual_desktop_infrastructure	zoom virtual desktop infrastructure	lt	5.15.11
zoom:zoom	zoom	lt	5.16.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "MacOS",
      "Linux",
      "iOS",
      "Android"
    ],
    "product": "Zoom Clients",
    "vendor": "Zoom Video Communications, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "see references"
      }
    ]
  }
]