In certain product versions, users were able to send malicious ZIP files to a chat room, which would cause the chat to freeze for the users in that room. This would occur because the Zoom server does not accept malformed ZIP files. As a result, if an employee opened a malicious ZIP file received in Zoom, the file could cause the host system to crash, which could lead to data loss for the affected user if the system they were working on was running an affected product version. This issue was resolved in V1.6.12.10. Android before version 5.8.6, iOS before version 5.9.0, Linux before version 5.8.6, macOS before version 5.7.3, and Windows before version 5.6.3 were all vulnerable to an out-of-bounds write issue that could lead to remote code execution. That issue was also resolved in V1.6.12.10.

Only part of the HTTP request is validated

When the server receives an HTTP request, Zoom validates only part of it rather than the entire request. An attacker who sends malicious data in the POST body can therefore cause the server to crash.

Vulnerability Details: CVE-2022-22780

A buffer overflow was found in the Zoom team chat service, triggered when a malformed ZIP file is sent to a team chat room. A malicious ZIP file sent by a user could crash the host system, causing data loss for the affected user if they were working on that system.
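The check a receiving client or gateway would want for this class of bug, as an added example that is neither Zoom's code nor part of the original advisory: a Python validator that bounds-checks every offset and length a ZIP archive declares (end-of-central-directory record, central directory entries, local file headers) before any real decompressor touches it, so a malformed archive is rejected with a reason instead of steering a parser out of bounds. The field layouts are those of the standard ZIP format; the entry-count and size caps, the sample archive and the two deliberately corrupted copies are constructed here for the demonstration and are not values from the advisory.

```python
import io
import struct
import zipfile
from typing import Tuple

# Record signatures from the standard ZIP format: local file header,
# central directory file header and end-of-central-directory (EOCD) record.
LOCAL_SIG = b"PK\x03\x04"
CDIR_SIG = b"PK\x01\x02"
EOCD_SIG = b"PK\x05\x06"

# Assumed policy limits for a chat attachment; tune them to the deployment.
MAX_ENTRIES = 10_000
MAX_TOTAL_UNCOMPRESSED = 256 * 1024 * 1024


def validate_zip(data: bytes) -> Tuple[bool, str]:
    """Bounds-check every offset and length the archive declares.
    Returns (ok, reason) and never raises on hostile input."""
    n = len(data)
    if n < 22:
        return False, "too short for an EOCD record"
    # The EOCD is the last record, followed only by a comment of at most
    # 65535 bytes, so search backwards from the tail for its signature.
    eocd = data.rfind(EOCD_SIG, max(0, n - 22 - 65535))
    if eocd < 0 or eocd + 22 > n:
        return False, "no complete EOCD record"
    (disk, cd_disk, entries_here, entries_total,
     cd_size, cd_offset, comment_len) = struct.unpack("<HHHHIIH", data[eocd + 4:eocd + 22])
    if eocd + 22 + comment_len != n:
        return False, "EOCD comment length disagrees with file length"
    if disk != 0 or cd_disk != 0 or entries_here != entries_total:
        return False, "multi-disk or zip64 archive not accepted"
    if entries_total > MAX_ENTRIES:
        return False, f"entry count {entries_total} exceeds limit"
    cd_end = cd_offset + cd_size
    if cd_end > eocd:
        return False, "central directory lies outside the file"

    pos = cd_offset
    total_uncompressed = 0
    for i in range(entries_total):
        if pos + 46 > cd_end or data[pos:pos + 4] != CDIR_SIG:
            return False, f"central directory entry {i} truncated or bad signature"
        # Fixed 42-byte body after the signature; see the ZIP format for field order.
        fields = struct.unpack("<6H3I5H2I", data[pos + 4:pos + 46])
        comp_size, uncomp_size = fields[7], fields[8]
        name_len, extra_len, cmt_len = fields[9], fields[10], fields[11]
        local_off = fields[15]
        pos += 46 + name_len + extra_len + cmt_len
        if pos > cd_end:
            return False, f"central directory entry {i} overruns the directory"
        total_uncompressed += uncomp_size
        if total_uncompressed > MAX_TOTAL_UNCOMPRESSED:
            return False, "declared uncompressed size exceeds limit"
        # The local header this entry points at must itself lie inside the file.
        if local_off + 30 > n or data[local_off:local_off + 4] != LOCAL_SIG:
            return False, f"local header for entry {i} lies outside the file or has a bad signature"
        lname_len, lextra_len = struct.unpack("<HH", data[local_off + 26:local_off + 30])
        data_start = local_off + 30 + lname_len + lextra_len
        if data_start + comp_size > cd_offset:
            return False, f"data for entry {i} overruns the central directory"
    if pos != cd_end:
        return False, "central directory size disagrees with its entries"
    return True, "ok"


def build_sample_zip() -> bytes:
    """Constructed sample archive with two stored entries (not from the advisory)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("hello.txt", b"hello from a constructed sample archive")
        zf.writestr("notes/readme.md", b"# constructed sample")
    return buf.getvalue()


def corrupt_central_directory_offset(data: bytes) -> bytes:
    """Constructed malformation: EOCD's central-directory offset points past the file."""
    bad = bytearray(data)
    eocd = data.rfind(EOCD_SIG)
    struct.pack_into("<I", bad, eocd + 16, len(data) + 0x1000)
    return bytes(bad)


def corrupt_local_header_offset(data: bytes) -> bytes:
    """Constructed malformation: first entry's local header offset points past the file."""
    bad = bytearray(data)
    eocd = data.rfind(EOCD_SIG)
    (cd_offset,) = struct.unpack_from("<I", data, eocd + 16)
    struct.pack_into("<I", bad, cd_offset + 42, len(data))
    return bytes(bad)


if __name__ == "__main__":
    good = build_sample_zip()
    samples = [("well-formed", good),
               ("bad central directory offset", corrupt_central_directory_offset(good)),
               ("bad local header offset", corrupt_local_header_offset(good))]
    for label, blob in samples:
        print(f"{label}: {validate_zip(blob)}")
```

Run directly, it prints the verdict for the well-formed archive and for both corrupted copies. `validate_zip` returns a verdict rather than raising, which is the behaviour you want in front of an untrusted attachment path: the caller can log and drop the file, and only archives that pass get handed to the real decompressor.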

Vulnerability summary

If you are using any of the following versions of Zoom, you may be affected by the vulnerability.
- Version 2.8.5 or earlier
- Version 3.10 or earlier
- Version 3.4 or earlier
- Version 4.9 or earlier
- Version 5.0 or earlier
- Android 5 before version 5.8.6 (with host system running Zoom)
- iOS before version 5.9.0 (with host system running Zoom)
- Linux before version 5.8.6 (with host system running Zoom)
- macOS before version 5.7.3 (with host system running Zoom)
- Windows before version 5.6.3 (with host system running Zoom)

Vulnerability Lab Information

This vulnerability was found with the help of Tencent.
The CVE number associated with this vulnerability is CVE-2022-22780. This vulnerability was assigned a severity rating of 8 out of 10.

Timeline

Published on: 02/09/2022 23:15:00 UTC
Last modified on: 02/17/2022 02:12:00 UTC
