Lucene search

ZoomVULNRICHMENT:CVE-2024-42436

HistoryAug 14, 2024 - 4:41 p.m.

CVE-2024-42436 Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow

2024-08-1416:41:03

CWE-122

Zoom

github.com

zoom

buffer overflow

workplace apps

sdks

rooms clients

denial of service

network access

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

Confidence

High

EPSS

Percentile

14.1%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.

CNA Affected

[
  {
    "vendor": "Zoom Communications Inc.",
    "product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
    "versions": [
      {
        "status": "affected",
        "version": "see references"
      }
    ],
    "platforms": [
      "Windows",
      "MacOS",
      "Linux",
      "iOS",
      "Android"
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.zoom.com/en/trust/security-bulletin/zsb-24031

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

Confidence

High

EPSS

Percentile

14.1%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-42436