CVE-2022-22780 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2022-22780

Analyzed

More Info Official Page

Source-security@zoom.us

Published At-09 Feb, 2022 | 23:15

Updated At-17 Feb, 2022 | 02:12

The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks in the following product versions: Android before version 5.8.6, iOS before version 5.9.0, Linux before version 5.8.6, macOS before version 5.7.3, and Windows before version 5.6.3. This could lead to availability issues on the client host by exhausting system resources.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Secondary	3.1	4.7	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L
Primary	2.0	7.8	HIGH	AV:N/AC:L/Au:N/C:N/I:N/A:C

Type: Primary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Type: Secondary

Version: 3.1

Base score: 4.7

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L

Type: Primary

Version: 2.0

Base score: 7.8

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:N/I:N/A:C

CPE Matches

Zoom Communications, Inc.

>>meetings>>Versions before 5.6.3(exclusive)

cpe:2.3:a:zoom:meetings:*:*:*:*:*:windows:*:*

Zoom Communications, Inc.

>>meetings>>Versions before 5.7.3(exclusive)

cpe:2.3:a:zoom:meetings:*:*:*:*:*:macos:*:*

Zoom Communications, Inc.

>>meetings>>Versions before 5.8.6(exclusive)

cpe:2.3:a:zoom:meetings:*:*:*:*:*:android:*:*

Zoom Communications, Inc.

>>meetings>>Versions before 5.8.6(exclusive)

cpe:2.3:a:zoom:meetings:*:*:*:*:*:linux:*:*

Zoom Communications, Inc.

>>meetings>>Versions before 5.9.0(exclusive)

cpe:2.3:a:zoom:meetings:*:*:*:*:*:iphone_os:*:*

Weaknesses

CWE ID	Type	Source
CWE-400	Primary	nvd@nist.gov

CWE ID: CWE-400

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://explore.zoom.us/en/trust/security/security-bulletin	security@zoom.us	Vendor Advisory

Hyperlink: https://explore.zoom.us/en/trust/security/security-bulletin

Source: security@zoom.us

Resource:

Vendor Advisory