CVE-2022-22780

The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks in the following product versions: Android before version 5.8.6, iOS before version 5.9.0, Linux before version 5.8.6, macOS before version 5.7.3, and Windows before version 5.6.3. This could lead to availability issues on the client host by exhausting system resources.

CVSS v3 6.5 MEDIUM
CVSS v2.0 7.8 HIGH

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://explore.zoom.us/en/trust/security/security-bulletin	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zoom:meetings::::::windows::*
	cpe:2.3:a:zoom:meetings::::::macos::*
	cpe:2.3:a:zoom:meetings::::::android::*
	cpe:2.3:a:zoom:meetings::::::linux::*
	cpe:2.3:a:zoom:meetings::::::iphone_os::*

History

17 Feb 2022, 02:12

Type	Values Removed	Values Added
CWE		CWE-400
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.8 v3 : 6.5
CPE		cpe:2.3:a:zoom:meetings::::::iphone_os::* cpe:2.3:a:zoom:meetings::::::linux::* cpe:2.3:a:zoom:meetings::::::windows::* cpe:2.3:a:zoom:meetings::::::macos::* cpe:2.3:a:zoom:meetings::::::android::*
References	~~(MISC) https://explore.zoom.us/en/trust/security/security-bulletin -~~	(MISC) https://explore.zoom.us/en/trust/security/security-bulletin - Vendor Advisory

09 Feb 2022, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-02-09 23:15

Updated : 2024-02-04 22:29

NVD link : CVE-2022-22780

Mitre link : CVE-2022-22780

CVE.ORG link : CVE-2022-22780

JSON object : View

Products Affected

zoom

meetings

CWE

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2022-22780", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security@zoom.us", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2022-02-09T23:15:19.150", "references": [{"url": "https://explore.zoom.us/en/trust/security/security-bulletin", "tags": ["Vendor Advisory"], "source": "security@zoom.us"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks in the following product versions: Android before version 5.8.6, iOS before version 5.9.0, Linux before version 5.8.6, macOS before version 5.7.3, and Windows before version 5.6.3. This could lead to availability issues on the client host by exhausting system resources."}, {"lang": "es", "value": "La funcionalidad chat de Zoom Client for Meetings era susceptible de sufrir ataques de bombardeo de Zip en las siguientes versiones del producto: Android versiones anteriores a 5.8.6, iOS versiones anteriores a 5.9.0, Linux versiones anteriores a 5.8.6, macOS versiones anteriores a 5.7.3 y Windows versiones anteriores a 5.6.3. Esto podr\u00eda conllevar a problemas de disponibilidad en el host cliente al agotar los recursos del sistema"}], "lastModified": "2022-02-17T02:12:27.717", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "CC39A599-FC9F-4969-9CC7-71FE55025C08", "versionEndExcluding": "5.6.3"}, {"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "1605E28D-0488-49DA-9098-010813523159", "versionEndExcluding": "5.7.3"}, {"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "97D6B6D9-A656-4D2C-A627-1766206644B8", "versionEndExcluding": "5.8.6"}, {"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "55F568FB-8385-46CC-9C22-EA55E0019B34", "versionEndExcluding": "5.8.6"}, {"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "1FE37907-1E61-4341-8302-941E50B192DB", "versionEndExcluding": "5.9.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@zoom.us"}