CVE-2022-22780
MEDIUMZoom Meetings - Uncontrolled Resource Consumption via Zip Bomb in Chat Functionality
Title source: llmDescription
The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks in the following product versions: Android before version 5.8.6, iOS before version 5.9.0, Linux before version 5.8.6, macOS before version 5.7.3, and Windows before version 5.6.3. This could lead to availability issues on the client host by exhausting system resources.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://explore.zoom.us/en/trust/security/security-bulletin
Scores
CVSS v3
4.7
EPSS
0.0091
EPSS Percentile
76.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L
Details
CWE
CWE-400
Status
published
Products (4)
zoom/meetings
< 5.6.3
zoom/meetings
< 5.7.3
zoom/meetings
< 5.8.6 (2 CPE variants)
zoom/meetings
< 5.9.0
Published
Feb 09, 2022
Tracked Since
Feb 18, 2026