CRITICAL🇬🇧 English

CVE-2021-34423

CVSS 9.8v3.1pub. 2021-11-24upd. 2024-11-21

A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI Windows Meeting Client before version 5.8.4, Zoom VDI Azure Virtual Desktop Plugins (for Windows x86 or x64, IGEL x64, Ubuntu x64, HP ThinPro OS x64) before version 5.8.4.21112, Zoom VDI Citrix Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom VDI VMware Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom On-Premise Meeting Connector Controller before version 4.8.12.20211115, Zoom On-Premise Meeting Connector MMR before version 4.8.12.20211115, Zoom On-Premise Recording Connector before version 5.1.0.65.20211116, Zoom On-Premise Virtual Room Connector before version 4.4.7266.20211117, Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64. This can potentially allow a malicious actor to crash the service or application, or leverage this vulnerability to execute arbitrary code.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apple iOS

    OS
    Apple
    wszystkie wersje
  • Apple macOS

    OS
    Apple
    wszystkie wersje
  • Google Android

    OS
    Google
    wszystkie wersje
  • Linux Kernel

    OS
    Linux
    wszystkie wersje
  • Microsoft Windows

    OS
    Microsoft
    wszystkie wersje
  • Zoom Android Meeting Sdk

    APP
    Zoom
    < 5.7.6.1922
  • Zoom Android Video Sdk

    APP
    Zoom
    < 1.1.2
  • Zoom Controllers For Zoom Rooms

    APP
    Zoom
    < 5.8.3
  • Zoom Hybrid Mmr

    APP
    Zoom
    < 4.6.20211116.131
  • Zoom Hybrid Zproxy

    APP
    Zoom
    < 1.0.1058.20211116
  • Zoom Iphone Os Meeting Sdk

    APP
    Zoom
    < 5.7.6.1082
  • Zoom Iphone Os Video Sdk

    APP
    Zoom
    < 1.1.2
  • Zoom macOS Meeting Sdk

    APP
    Zoom
    < 5.7.6.1340
  • Zoom macOS Video Sdk

    APP
    Zoom
    < 1.1.2
  • Zoom Meetings

    APP
    Zoom
    < 5.8.3< 5.8.4
  • Zoom Meetings For Blackberry

    APP
    Zoom
    < 5.8.1
  • Zoom Meetings For Chrome Os

    APP
    Zoom
    < 5.0.1
  • Zoom Meetings For Intune

    APP
    Zoom
    < 5.8.4
  • Zoom Rooms For Conference Rooms

    APP
    Zoom
    < 5.8.3
  • Zoom Vdi Azure Virtual Desktop

    APP
    Zoom
    < 5.8.4.21112
  • Zoom Vdi Citrix

    APP
    Zoom
    < 5.8.4.21112
  • Zoom Vdi VMware

    APP
    Zoom
    < 5.8.4.21112
  • Zoom Vdi Windows Meeting Client

    APP
    Zoom
    < 5.8.4
  • Zoom Virtual Desktop Infrastructure

    APP
    Zoom
    < 5.8.4
  • Zoom Windows Meeting Sdk

    APP
    Zoom
    < 5.7.6.1081
  • Zoom Windows Video Sdk

    APP
    Zoom
    < 1.1.2
  • Zoom On Premise Meeting Connector Controller

    APP
    Zoom
    < 4.8.12.20211115
  • Zoom On Premise Meeting Connector Mmr

    APP
    Zoom
    < 4.8.12.20211115
  • Zoom On Premise Recording Connector

    APP
    Zoom
    < 5.1.0.65.20211116
  • Zoom On Premise Virtual Room Connector

    APP
    Zoom
    < 4.4.7266.20211117
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEMemory
CWE
Referencje

Powiązane podatności

CVE-2026-8398CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-43300CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple iOS/iPadOS/macOS — out-of-bounds write przy przetwarzaniu obrazu

CVE-2025-34028CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP

CVE-2025-31200CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Apple — memory corruption (RCE) w przetwarzaniu strumieni audio