CVE-2022-22784
First published: Wed May 18 2022(Updated: )
The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly parse XML stanzas in XMPP messages. This can allow a malicious user to break out of the current XMPP message context and create a new message context to have the receiving users client perform a variety of actions.This issue could be used in a more sophisticated attack to forge XMPP messages from the server.
Credit: security@zoom.us
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zoom Meetings | <5.10.0 | |
| Zoom Meetings | <5.10.0 | |
| Zoom Meetings | <5.10.0 | |
| Zoom Meetings | <5.10.0 | |
| Zoom Meetings | <5.10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-22784?
CVE-2022-22784 is a vulnerability in the Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 that allows a malicious user to break out of the current XMPP message context and create a new message context.
What is the severity of CVE-2022-22784?
CVE-2022-22784 has a severity rating of 8.1, indicating a high severity.
Which software versions are affected by CVE-2022-22784?
The Zoom Client for Meetings versions before 5.10.0 (for Android, iOS, Linux, MacOS, and Windows) are affected by CVE-2022-22784.
How can CVE-2022-22784 be exploited?
CVE-2022-22784 can be exploited by sending specially crafted XML stanzas in XMPP messages to the Zoom Client for Meetings, allowing an attacker to create a new message context.
How can I fix CVE-2022-22784?
To fix CVE-2022-22784, update the Zoom Client for Meetings to version 5.10.0 or later.
- collector/nvd-index
- agent/weakness
- agent/type
- vendor/zoom
- canonical/zoom meetings