CVE-2022-28750: Zoom On-Premise Deployments: Stack Buffer Overflow in Meeting Connector
First published: Tue Aug 09 2022(Updated: )
Zoom On-Premise Meeting Connector Zone Controller (ZC) before version 4.8.20220419.112 fails to properly parse STUN error codes, which can result in memory corruption and could allow a malicious actor to crash the application. In versions older than 4.8.12.20211115, this vulnerability could also be leveraged to execute arbitrary code.
Credit: security@zoom.us
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zoom Meeting Connector | <4.8.20220419.112 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-28750?
CVE-2022-28750 is rated as a high severity vulnerability due to its potential for memory corruption and application crashes.
How do I fix CVE-2022-28750?
To fix CVE-2022-28750, upgrade the Zoom On-Premise Meeting Connector Zone Controller to version 4.8.20220419.112 or later.
What are the potential impacts of CVE-2022-28750?
CVE-2022-28750 can lead to application crashes and disrupt service availability.
Which versions of Zoom On-Premise Meeting Connector are affected by CVE-2022-28750?
Versions of Zoom On-Premise Meeting Connector prior to 4.8.20220419.112 are affected by CVE-2022-28750.
Is CVE-2022-28750 related to STUN protocols?
Yes, CVE-2022-28750 involves improper parsing of STUN error codes which contributes to its memory corruption issues.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/last-modified-date
- agent/author
- agent/title
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- agent/source
- vendor/zoom
- canonical/zoom meeting connector