Input validation error in Zoom Video Communications, Inc. products - CVE-2023-22881
Published: March 15, 2023
Vulnerability identifier: #VU73693
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-22881
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Zoom Video Communications, Inc.
Affected software:
Zoom Workplace Desktop App for Windows
Zoom Workplace Desktop App for Linux
Zoom Workplace Desktop App for macOS
Zoom Workplace App for Android
Zoom Workplace App for iOS
Zoom Workplace Desktop App for Windows
Zoom Workplace Desktop App for Linux
Zoom Workplace Desktop App for macOS
Zoom Workplace App for Android
Zoom Workplace App for iOS
Detailed vulnerability description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when parsing STUN packets. A remote attacker can send specially crafted UDP traffic to the application and perform a denial of service (DoS) attack.
How to mitigate CVE-2023-22881
Install updates from vendor's website.