CVE-2022-28750

Summary

Zoom On-Premise Meeting Connector Zone Controller (ZC) before version 4.8.20220419.112 fails to properly parse STUN error codes, which can result in memory corruption and could allow a malicious actor to crash the application. In versions older than 4.8.12.20211115, this vulnerability could also be leveraged to execute arbitrary code.

Affected Software

VendorProductVersion RangeStatus
Zoom Video Communications IncZoom On-Premise Meeting Connector Zone Controller (ZC)unspecified < 4.8.20220419.112affected

Weaknesses

  • CWE-121: CWE-121 Stack-based Buffer Overflow

ADP Enrichment

CVE Program Container

Additional References

References