CVE-2023-28601

Summary

Zoom for Windows clients prior to 5.14.0 contain an improper restriction of operations within the bounds of a memory buffer vulnerability. A malicious user may alter protected Zoom Client memory buffer potentially causing integrity issues within the Zoom Client.

Affected Software

VendorProductVersion RangeStatus
Zoom Video Communications, Inc.Zoom for Windows Clientbefore 5.14.0affected

Weaknesses

  • CWE-358: CWE-358: Improperly Implemented Security Check for Standard

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References