high
7.5
CWE
125
Advisory Published
Updated

CVE-2021-34424: Process memory exposure in Zoom Client and other products

First published: Wed Nov 24 2021(Updated: )

A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI Windows Meeting Client before version 5.8.4, Zoom VDI Azure Virtual Desktop Plugins (for Windows x86 or x64, IGEL x64, Ubuntu x64, HP ThinPro OS x64) before version 5.8.4.21112, Zoom VDI Citrix Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom VDI VMware Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom on-premise Meeting Connector before version 4.8.12.20211115, Zoom on-premise Meeting Connector MMR before version 4.8.12.20211115, Zoom on-premise Recording Connector before version 5.1.0.65.20211116, Zoom on-premise Virtual Room Connector before version 4.4.7266.20211117, Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64 which potentially allowed for the exposure of the state of process memory. This issue could be used to potentially gain insight into arbitrary areas of the product's memory.

Credit: security@zoom.us

Affected SoftwareAffected VersionHow to fix
Zoom Meetings<5.8.3
Google Android
Zoom Meetings<5.8.4
Apple macOS
Apple iPhone OS
Linux Linux kernel
Microsoft Windows
Zoom Meetings For Blackberry<5.8.1
Zoom Meetings For Intune<5.8.4
Zoom Meetings For Chrome Os<5.0.1
Zoom Rooms For Conference Rooms<5.8.3
Zoom Controllers For Zoom Rooms<5.8.3
Zoom Virtual Desktop Infrastructure<5.8.4
Zoom Android Meeting Sdk<5.7.6.1922
Zoom Iphone Os Meeting Sdk<5.7.6.1082
Zoom Macos Meeting Sdk<5.7.6.1340
Zoom Windows Meeting Sdk<5.7.6.1081
Zoom Android Video Sdk<1.1.2
Zoom Iphone Os Video Sdk<1.1.2
Zoom Macos Video Sdk<1.1.2
Zoom Windows Video Sdk<1.1.2
Zoom Hybrid MMR<4.6.20211116.131
Zoom Hybrid Zproxy<1.0.1058.20211116
Zoom Zoom On-premise Meeting Connector Controller<4.8.12.20211115
Zoom Zoom On-premise Meeting Connector Mmr<4.8.12.20211115
Zoom Zoom On-premise Recording Connector<5.1.0.65.20211116
Zoom Zoom On-premise Virtual Room Connector<4.4.7266.20211117
Zoom Zoom On-premise Virtual Room Connector Load Balancer<2.5.5692.20211117
Zoom VDI Azure Virtual Desktop<5.8.4.21112
Zoom VDI Citrix<5.8.4.21112
Zoom VDI VMware<5.8.4.21112

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2021-34424?

    CVE-2021-34424 is a vulnerability discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for Intune (for Android and iOS) before version 5.8.4, and Zoom Rooms for Conference Rooms before version 5.8.3.

  • What is the severity of CVE-2021-34424?

    CVE-2021-34424 has a severity score of 7.5 (high).

  • What software versions are affected by CVE-2021-34424?

    CVE-2021-34424 affects Zoom Client for Meetings (before version 5.8.4), Zoom Client for Meetings for Blackberry (before version 5.8.1), Zoom Client for Meetings for Intune (before version 5.8.4), and Zoom Rooms for Conference Rooms (before version 5.8.3).

  • How can I fix CVE-2021-34424?

    To fix CVE-2021-34424, update your Zoom Client for Meetings to version 5.8.4, Zoom Client for Meetings for Blackberry to version 5.8.1, Zoom Client for Meetings for Intune to version 5.8.4, and Zoom Rooms for Conference Rooms to version 5.8.3.

  • Are Google Android, Apple macOS, Apple iPhone OS, Linux Linux kernel, and Microsoft Windows vulnerable to CVE-2021-34424?

    No, Google Android, Apple macOS, Apple iPhone OS, Linux Linux kernel, and Microsoft Windows are not vulnerable to CVE-2021-34424.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203