Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-30668

Summary
Assigner-Zoom
Assigner Org ID-99b9af0d-a833-4a5d-9e2f-8b1324f35351
Published At-14 May, 2025 | 17:39
Updated At-02 Oct, 2025 | 20:44
Rejected At-
Credits

Zoom Workplace Apps - NULL Pointer Dereference

Integer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct a denial of service via network access.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Zoom
Assigner Org ID:99b9af0d-a833-4a5d-9e2f-8b1324f35351
Published At:14 May, 2025 | 17:39
Updated At:02 Oct, 2025 | 20:44
Rejected At:
▼CVE Numbering Authority (CNA)
Zoom Workplace Apps - NULL Pointer Dereference

Integer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct a denial of service via network access.

Affected Products
Vendor
Zoom Communications, Inc.Zoom Communications, Inc
Product
Zoom Workplace Apps
Platforms
  • Windows
  • MacOS
  • Linux
  • iOS
  • Android
Default Status
unaffected
Versions
Affected
  • see references
Problem Types
TypeCWE IDDescription
CWECWE-191CWE-191 Integer Underflow (Wrap or Wraparound)
Type: CWE
CWE ID: CWE-191
Description: CWE-191 Integer Underflow (Wrap or Wraparound)
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.zoom.com/en/trust/security-bulletin/zsb-25020
N/A
Hyperlink: https://www.zoom.com/en/trust/security-bulletin/zsb-25020
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@zoom.us
Published At:14 May, 2025 | 18:15
Updated At:04 Nov, 2025 | 21:34

Integer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct a denial of service via network access.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Zoom Communications, Inc.
zoom
>>meeting_software_development_kit>>Versions before 6.4.0(exclusive)
cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*
Zoom Communications, Inc.
zoom
>>meeting_software_development_kit>>Versions before 6.4.0(exclusive)
cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*
Zoom Communications, Inc.
zoom
>>meeting_software_development_kit>>Versions before 6.4.0(exclusive)
cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*
Zoom Communications, Inc.
zoom
>>meeting_software_development_kit>>Versions before 6.4.0(exclusive)
cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*
Zoom Communications, Inc.
zoom
>>rooms>>Versions before 6.4.0(exclusive)
cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:*
Zoom Communications, Inc.
zoom
>>rooms>>Versions before 6.4.0(exclusive)
cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*
Zoom Communications, Inc.
zoom
>>rooms>>Versions before 6.4.0(exclusive)
cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*
Zoom Communications, Inc.
zoom
>>rooms>>Versions before 6.4.0(exclusive)
cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*
Zoom Communications, Inc.
zoom
>>rooms_controller>>Versions before 6.4.0(exclusive)
cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*
Zoom Communications, Inc.
zoom
>>rooms_controller>>Versions before 6.4.0(exclusive)
cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*
Zoom Communications, Inc.
zoom
>>rooms_controller>>Versions before 6.4.0(exclusive)
cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*
Zoom Communications, Inc.
zoom
>>rooms_controller>>Versions before 6.4.0(exclusive)
cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*
Zoom Communications, Inc.
zoom
>>workplace>>Versions before 6.4.0(exclusive)
cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*
Zoom Communications, Inc.
zoom
>>workplace_desktop>>Versions before 6.4.0(exclusive)
cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*
Zoom Communications, Inc.
zoom
>>workplace_desktop>>Versions before 6.4.0(exclusive)
cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*
Zoom Communications, Inc.
zoom
>>workplace_desktop>>Versions before 6.4.0(exclusive)
cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*
Zoom Communications, Inc.
zoom
>>workplace_virtual_desktop_infrastructure>>Versions before 6.1.17(exclusive)
cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*
Zoom Communications, Inc.
zoom
>>workplace_virtual_desktop_infrastructure>>Versions from 6.1.18(inclusive) to 6.2.13(exclusive)
cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*
Zoom Communications, Inc.
zoom
>>workplace_virtual_desktop_infrastructure>>Versions from 6.2.14(inclusive) to 6.3.10(exclusive)
cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*
Weaknesses
CWE IDTypeSource
CWE-191Secondarysecurity@zoom.us
CWE ID: CWE-191
Type: Secondary
Source: security@zoom.us
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.zoom.com/en/trust/security-bulletin/zsb-25020security@zoom.us
Vendor Advisory
Hyperlink: https://www.zoom.com/en/trust/security-bulletin/zsb-25020
Source: security@zoom.us
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

35Records found
CVE-2025-49458
Matching Score-8
Assigner-Zoom Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.27%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 21:25
Updated-17 Oct, 2025 | 19:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Clients - Buffer Overflow

Buffer overflow in certain Zoom Workplace Clients may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsworkplace_desktopworkplace_virtual_desktop_infrastructurerooms_controllermeeting_software_development_kitZoom Workplace Clients
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-49464
Matching Score-8
Assigner-Zoom Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 52.30%
||
7 Day CHG~0.00%
Published-10 Jul, 2025 | 16:32
Updated-05 Aug, 2025 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Clients for Windows- Classic Buffer Overflow

Classic buffer overflow in certain Zoom Clients for Windows may allow an authorised user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-zoomZoom Clients for Windows
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-27239
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.14%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 20:33
Updated-01 Oct, 2025 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps and SDKs - Divide By Zero

Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-workplace_desktopworkplace_virtual_desktop_infrastructuremeeting_software_development_kitworkplaceroomsZoom Workplace Apps and SDKs
CWE ID-CWE-416
Use After Free
CVE-2024-27246
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.14%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 20:32
Updated-20 Aug, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps and SDKs - Use After Free

Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsworkplace_virtual_desktop_infrastructuremeeting_software_development_kitworkplace_desktopworkplaceZoom Workplace Apps and SDKs
CWE ID-CWE-416
Use After Free
CVE-2024-27245
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.29%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 20:31
Updated-20 Aug, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps and SDKs - Buffer Overflow

Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsworkplace_virtual_desktop_infrastructuremeeting_software_development_kitworkplace_desktopworkplaceZoom Workplace Apps and SDKs
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-46789
Matching Score-8
Assigner-Zoom Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 55.26%
||
7 Day CHG~0.00%
Published-10 Jul, 2025 | 15:50
Updated-22 Aug, 2025 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Clients for Windows - Classic Buffer Overflow

Classic buffer overflow in certain Zoom Clients for Windows may allow an authorized user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-zoomZoom Clients for Windows
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-46785
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 54.87%
||
7 Day CHG~0.00%
Published-14 May, 2025 | 17:41
Updated-19 Aug, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps for Windows - Buffer Over-read

Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-workplace_desktopworkplace_virtual_desktop_infrastructuremeeting_software_development_kitroomsrooms_controllerZoom Workplace Apps
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-30666
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 54.95%
||
7 Day CHG~0.00%
Published-14 May, 2025 | 17:35
Updated-05 Aug, 2025 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps for Windows - NULL Pointer Dereference

NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsworkplace_virtual_desktop_infrastructurerooms_controllerworkplace_desktopmeeting_software_development_kitZoom Workplace Apps for Windows
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-30667
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 54.95%
||
7 Day CHG~0.00%
Published-14 May, 2025 | 17:36
Updated-04 Nov, 2025 | 21:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps - NULL Pointer Dereference

NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsworkplace_desktopworkplace_virtual_desktop_infrastructuremeeting_software_development_kitrooms_controllerworkplaceZoom Workplace Apps
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-30670
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.37% / 59.22%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 16:20
Updated-01 Aug, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps for Windows - Null Pointer

Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-rooms_controllermeeting_software_development_kitworkplace_virtual_desktop_infrastructureroomsworkplace_desktopZoom Workplace Apps for Windows
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-0150
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-7.1||HIGH
EPSS-0.15% / 36.16%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 17:06
Updated-01 Aug, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps for iOS - Incorrect Behavior Order

Incorrect behavior order in some Zoom Workplace Apps for iOS before version 6.3.0 may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-workplacemeeting_software_development_kitZoom Workplace Apps for iOS
CWE ID-CWE-696
Incorrect Behavior Order
CVE-2025-30665
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 54.95%
||
7 Day CHG~0.00%
Published-14 May, 2025 | 17:35
Updated-05 Aug, 2025 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps for Windows - NULL Pointer Dereference

NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsworkplace_virtual_desktop_infrastructurerooms_controllerworkplace_desktopmeeting_software_development_kitZoom Workplace Apps for Windows
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-30671
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 55.20%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 16:21
Updated-01 Aug, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps for Windows - Null Pointer

Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-rooms_controllermeeting_software_development_kitworkplace_virtual_desktop_infrastructureroomsworkplace_desktopZoom Workplace Apps for Windows
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-42437
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.62% / 70.50%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 16:41
Updated-04 Sep, 2024 | 21:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow

Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitrooms_controllerworkplaceroomsworkplace_desktopworkplace_virtual_desktop_infrastructureZoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-42438
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.70% / 72.65%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 16:41
Updated-29 Aug, 2024 | 00:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow

Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitrooms_controllerworkplaceroomsworkplace_desktopworkplace_virtual_desktop_infrastructureZoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-39215
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-7.1||HIGH
EPSS-0.36% / 58.63%
||
7 Day CHG+0.07%
Published-12 Sep, 2023 | 19:53
Updated-27 Sep, 2024 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitvirtual_desktop_infrastructurezoomZoom Clients
CWE ID-CWE-449
The UI Performs the Wrong Action
CWE ID-CWE-287
Improper Authentication
CVE-2023-39205
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.28% / 52.05%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 22:32
Updated-29 Aug, 2024 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-virtual_desktop_infrastructurevideo_software_development_kitmeetingszoomZoom Clients
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2023-22882
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.53% / 67.52%
||
7 Day CHG~0.00%
Published-16 Mar, 2023 | 00:00
Updated-26 Feb, 2025 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service in Zoom Clients

Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffic to a victim Zoom client to remotely cause the client to crash, causing a denial of service.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-zoomZoom (for Android, iOS, Linux, macOS, and Windows) clients before version 5.13.5
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-22881
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.78% / 74.18%
||
7 Day CHG~0.00%
Published-16 Mar, 2023 | 00:00
Updated-26 Feb, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service in Zoom Clients

Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffic to a victim Zoom client to remotely cause the client to crash, causing a denial of service.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-zoomZoom (for Android, iOS, Linux, macOS, and Windows) clients before version 5.13.5
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-45420
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 42.54%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 19:32
Updated-19 Aug, 2025 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Apps - Uncontrolled Resource Consumption

Uncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-workplace_desktopmeeting_software_development_kitvideo_software_development_kitroomsrooms_controllerworkplaceZoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-24690
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 22.78%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 00:00
Updated-04 Oct, 2024 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Clients - Improper Input Validation

Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitvideo_software_development_kitroomszoomvdi_windows_meeting_clientsZoom Clients
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2024-42436
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.67% / 71.94%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 16:41
Updated-04 Sep, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow

Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitrooms_controllerworkplaceroomsworkplace_desktopworkplace_virtual_desktop_infrastructureZoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-27243
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.59% / 69.66%
||
7 Day CHG~0.00%
Published-15 May, 2024 | 20:37
Updated-06 Apr, 2026 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Apps - Buffer Overflow

Buffer overflow in some Zoom Workplace Apps and SDK’s may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-workplaceworkplace_virtual_desktop_infrastructuremeeting_software_development_kitworkplace_desktopsee references
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2022-28761
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.36% / 58.29%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 14:51
Updated-14 May, 2025 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom On-Premise Deployments: Improper Access Control

Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 contains an improper access control vulnerability. As a result, a malicious actor in a meeting or webinar they are authorized to join could prevent participants from receiving audio and video causing meeting disruptions.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-zoom_on-premise_meeting_connector_mmrZoom On-Premise Meeting Connector MMR
CWE ID-CWE-284
Improper Access Control
CVE-2023-49646
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 6.47%
||
7 Day CHG~0.00%
Published-13 Dec, 2023 | 22:19
Updated-20 Sep, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitvideo_software_development_kitvirtual_desktop_infrastructurezoomZoom Clients
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-287
Improper Authentication
CVE-2024-30011
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.26% / 85.03%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 16:57
Updated-27 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Denial of Service Vulnerability

Windows Hyper-V Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2016windows_server_2022windows_server_2019windows_server_2012Windows Server 2012 R2 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2019Windows Server 2012 R2Windows Server 2022Windows Server 2016Windows Server 2012
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2022-21685
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.44% / 63.78%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 17:05
Updated-23 Apr, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer underflow in Frontier

Frontier is Substrate's Ethereum compatibility layer. Prior to commit number `8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664`, a bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds (and production WebAssembly binaries), the impact is limited as it can only cause a normal EVM out-of-gas. Users who do not use MODEXP precompile in their runtime are not impacted. A patch is available in pull request #549.

Action-Not Available
Vendor-parityparitytech
Product-frontierfrontier
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2021-41821
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.47% / 64.94%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 22:59
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer Underflow vulnerability that might lead to denial of service. A crafted message must be sent from an authenticated agent to the manager.

Action-Not Available
Vendor-n/aWazuh, Inc.
Product-wazuhn/a
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2026-6914
Matching Score-4
Assigner-MongoDB, Inc.
ShareView Details
Matching Score-4
Assigner-MongoDB, Inc.
CVSS Score-7.1||HIGH
EPSS-0.06% / 18.85%
||
7 Day CHG~0.00%
Published-29 Apr, 2026 | 16:47
Updated-06 May, 2026 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MD5 checksum creation may cause availability loss

Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior to 7.0.32

Action-Not Available
Vendor-MongoDB, Inc.
Product-mongodbMongoDB Server
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2026-41499
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 17.36%
||
7 Day CHG~0.00%
Published-29 Apr, 2026 | 18:01
Updated-01 May, 2026 | 13:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wazuh: Multiple Heap-based NULL WRITE Buffer Underflows in parse_uname_string()

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, multiple heap-based out-of-bounds WRITE vulnerabilities exist in parse_uname_string() (remoted_op.c). This function processes OS identification data from agents and contains a dangerous code pattern that appears in 4 locations within the same function: writing to strlen(ptr) - 1 without checking for empty strings. When the string is empty, strlen() returns 0, and 0 - 1 wraps to SIZE_MAX due to unsigned integer underflow. Due to pointer arithmetic wrapping, SIZE_MAX effectively becomes -1, causing a write exactly 1 byte before the allocated buffer. This corrupts heap metadata (e.g., the chunk size field in glibc malloc), leading to heap corruption. This issue has been patched in version 4.14.4.

Action-Not Available
Vendor-Wazuh, Inc.
Product-wazuhwazuh
CWE ID-CWE-124
Buffer Underwrite ('Buffer Underflow')
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2021-25121
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 65.43%
||
7 Day CHG~0.00%
Published-20 Jun, 2022 | 10:25
Updated-03 Aug, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rating by BestWebSoft < 1.6 - Rating Denial of Service

The Rating by BestWebSoft WordPress plugin before 1.6 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service on the post/page when a user submit such rating

Action-Not Available
Vendor-UnknownBestWebSoft
Product-ratingRating by BestWebSoft
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2021-24894
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.85% / 75.46%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 19:16
Updated-03 Aug, 2024 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reviews Plus < 1.2.14 - Subscriber+ Reviews DoS

The Reviews Plus WordPress plugin before 1.2.14 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the review section when an authenticated user submit such rating and the reviews are set to be displayed on the post/page

Action-Not Available
Vendor-implecodeUnknown
Product-reviews_plusReviews Plus
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CWE ID-CWE-20
Improper Input Validation
CVE-2026-35049
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 20.72%
||
7 Day CHG+0.01%
Published-02 Jun, 2026 | 18:35
Updated-04 Jun, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
wire-ios has Persistent Remote DoS via Integer Underflow

wire-ios is an iOS client for the Wire secure messaging application. Prior to version 4.16.0, upon receiving a crafted malicious Proteus external message with an encrypted payload that is shorter than 16 bytes, the Wire iOS client crashes. The crash is triggered automatically after message receival with no user interaction. Since the malicious message persists in the conversation, the app enters a crash loop on relaunch and cannot be reopened until the local state is wiped. This issue has been fixed with version 4.16.0 which introduces the missing length check and is available via the App Store. No known workarounds are available.

Action-Not Available
Vendor-wireapp
Product-wire-ios
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CWE ID-CWE-20
Improper Input Validation
CVE-2026-11789
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.06% / 18.44%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 13:02
Updated-12 Jun, 2026 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
389-ds-base: 389-ds-base: smd5 password storage plugin salt length integer underflow crash

A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication.

Action-Not Available
Vendor-Red Hat, Inc.
Product-directory_server389_directory_serverenterprise_linuxRed Hat Directory Server 13Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Directory Server 11Red Hat Enterprise Linux 6Red Hat Enterprise Linux 10Red Hat Directory Server 12Red Hat Enterprise Linux 9
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2022-3165
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 35.68%
||
7 Day CHG~0.00%
Published-17 Oct, 2022 | 00:00
Updated-14 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service.

Action-Not Available
Vendor-n/aFedora ProjectQEMU
Product-qemufedoraQEMU
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
Details not found