Skip to main content

Zoom CVE-2023-22881

HIGH
Buffer Overflow (CWE-119)
2023-03-16 security@zoom.us
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 16, 2023 - 21:15 nvd
HIGH 7.5

DescriptionNVD

Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffic to a victim Zoom client to remotely cause the client to crash, causing a denial of service.

AnalysisAI

Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffic to a victim Zoom client to remotely cause the client to crash, causing a denial of service. Affected products include: Zoom. Version information: version 5.13.5.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

More in Zoom

View all
CVE-2017-15049 HIGH POC
8.8 Dec 19

The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when c

CVE-2017-15048 HIGH POC
8.8 Dec 19

Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote

CVE-2020-6109 CRITICAL POC
9.8 Jun 08

An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including anima

CVE-2018-15715 CRITICAL POC
9.8 Nov 30

Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0

CVE-2020-6110 HIGH POC
8.8 Jun 08

An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages incl

CVE-2019-13567 HIGH POC
8.8 Jul 12

The Zoom Client before 4.4.53932.0709 on macOS allows remote code execution, a different vulnerability than CVE-2019-134

CVE-2026-1368 HIGH POC
7.5 Feb 18

Video Conferencing with Zoom WordPre versions up to 4.6.6 is affected by improper authentication (CVSS 7.5).

CVE-2019-13450 MEDIUM POC
6.5 Jul 09

In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on macOS, remote attackers can force a user to join a v

CVE-2019-13449 MEDIUM POC
6.5 Jul 09

In the Zoom Client before 4.4.2 on macOS, remote attackers can cause a denial of service (continual focus grabs) via a s

CVE-2026-22844 CRITICAL
9.9 Jan 20

Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 have a CVSS 9.9 command injection vulnerability allowing m

CVE-2024-24691 CRITICAL
9.8 Feb 14

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Wind

CVE-2023-39213 CRITICAL
9.8 Aug 08

Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may all

Share

CVE-2023-22881 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy