CVE-2021-34423

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1900%

EPSS Percentile17.00th

PublishedNov 24, 2021

Last ModifiedNov 21, 2024

Vulnerability Description

A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI Windows Meeting Client before version 5.8.4, Zoom VDI Azure Virtual Desktop Plugins (for Windows x86 or x64, IGEL x64, Ubuntu x64, HP ThinPro OS x64) before version 5.8.4.21112, Zoom VDI Citrix Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom VDI VMware Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom On-Premise Meeting Connector Controller before version 4.8.12.20211115, Zoom On-Premise Meeting Connector MMR before version 4.8.12.20211115, Zoom On-Premise Recording Connector before version 5.1.0.65.20211116, Zoom On-Premise Virtual Room Connector before version 4.4.7266.20211117, Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64. This can potentially allow a malicious actor to crash the service or application, or leverage this vulnerability to execute arbitrary code.

< 5.8.4

References & Advisories

🔗 http://packetstormsecurity.com/files/165417/Zoom-Chat-Message-Processing-Buffer-Overflow.html

🔗 https://explore.zoom.us/en/trust/security/security-bulletin

🔗 http://packetstormsecurity.com/files/165417/Zoom-Chat-Message-Processing-Buffer-Overflow.html

🔗 https://explore.zoom.us/en/trust/security/security-bulletin

Vulnerability Description

Affected Platforms (CPE)

Meetings

Meetings

Meetings For Blackberry

Meetings For Intune

Meetings For Chrome Os

Rooms For Conference Rooms

Controllers For Zoom Rooms

Virtual Desktop Infrastructure

Android Meeting Sdk

Iphone Os Meeting Sdk

Macos Meeting Sdk

Windows Meeting Sdk

Android Video Sdk

Iphone Os Video Sdk

Macos Video Sdk

Windows Video Sdk

Hybrid Mmr

Hybrid Zproxy

Zoom On Premise Meeting Connector Controller

Zoom On Premise Meeting Connector Mmr

Zoom On Premise Recording Connector

Zoom On Premise Virtual Room Connector

Zoom On Premise Virtual Room Connector Load Balancer

Vdi Azure Virtual Desktop

Vdi Citrix

Vdi Vmware

Vdi Windows Meeting Client

References & Advisories

Related Vulnerabilities