Security Advisory – Buffer Overflow Vulnerability Across Multiple Zoom Platforms

Zoom has reported a buffer overflow vulnerability, tracked as CVE-2024-27243, affecting multiple Zoom products. It carries a medium CVSS severity rating with a score of 6.5 and could allow an authenticated user to cause a denial of service through network access. The vulnerability impacts various Zoom apps and SDKs, including:

  • Zoom Workplace Desktop App for Windows, macOS, and Linux prior to version 5.17.5
  • Zoom Workplace VDI App for Windows prior to version 5.17.5, excluding versions 5.15.17 and 5.16.15
  • Zoom Workplace Apps for iOS and Android before version 5.17.5
  • Zoom Meeting SDK across Windows, macOS, Linux, iOS, and Android before version 5.17.5

Users of the affected versions are encouraged to update to the latest releases as soon as possible to mitigate the risk. Updates are available on Zoom’s official download page.
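
To find which installs still need the update, the affected ranges above can be checked against a software inventory. The following is an added example, not code from Zoom or the bulletin; the product labels, host names and inventory rows are constructed for illustration, and it assumes reported versions begin with a major.minor.patch triple.

```python
import re

FIXED = (5, 17, 5)                          # first fixed release per the advisory
VDI_EXCLUDED = {(5, 15, 17), (5, 16, 15)}   # VDI versions the advisory excludes

# Product labels are this example's own; platforms are those the advisory lists.
AFFECTED_PLATFORMS = {
    "desktop": {"windows", "macos", "linux"},
    "vdi": {"windows"},
    "mobile": {"ios", "android"},
    "meeting-sdk": {"windows", "macos", "linux", "ios", "android"},
}

def parse_version(text):
    """'5.16.10 (25689)' or '5.16.10.25689' -> (5, 16, 10); None if unparseable."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def triage(product, platform, version):
    """Return 'affected', 'not-affected' or 'unknown' for one inventory record."""
    platforms = AFFECTED_PLATFORMS.get(product.lower())
    parsed = parse_version(version)
    if platforms is None or parsed is None:
        return "unknown"            # surface for manual review, never pass silently
    if platform.lower() not in platforms:
        return "not-affected"       # combination is not listed in the advisory
    if product.lower() == "vdi" and parsed in VDI_EXCLUDED:
        return "not-affected"
    # Tuple comparison is numeric: (5, 9, 6) < (5, 17, 5), unlike the strings.
    return "affected" if parsed < FIXED else "not-affected"

# Constructed sample inventory: (host, product, platform, reported version).
INVENTORY = [
    ("ws-001", "desktop", "Windows", "5.16.10 (25689)"),
    ("ws-002", "desktop", "macOS", "5.17.5.2543"),
    ("vdi-01", "vdi", "Windows", "5.15.17"),
    ("vdi-02", "vdi", "Windows", "5.16.10"),
    ("ph-007", "mobile", "Android", "5.9.6"),
    ("app-03", "meeting-sdk", "Linux", "unknown-build"),
]

def report(inventory):
    return {host: triage(prod, plat, ver) for host, prod, plat, ver in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Records that come back as "unknown" have an unrecognised product label or version string and should be checked by hand.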

This vulnerability is documented in Zoom security bulletin ZSB-24014 and can lead to service disruption through denial of service. For more details, refer to the official Zoom security bulletin.

Source: Zoom Security Bulletin