CVE-2023-36532

CVSS 5.9 MEDIUMEPSS 1.3%CWE-122

In short

A buffer overflow vulnerability in older versions of Zoom allows an attacker on the network to crash the application and prevent users from using it, without needing to log in.

Technical detail

CWE-122 buffer overflow in Zoom Clients prior to 5.14.5 can be exploited by an unauthenticated attacker with network access to trigger a denial of service condition. The vulnerability requires no authentication or user interaction, affecting availability through memory corruption.

Summary generated and translated by AI from the official description.

Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Zoom Video Communications, Inc. · Zoom Clients

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://explore.zoom.us/en/trust/security/security-bulletin/