vulnerability

Zoom Zoom: CVE-2023-28601: Improper Restriction of Operations within the Bounds of a Memory Buffer in Zoom Clients

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:A/AC:M/Au:N/C:C/I:C/A:C)	Jun 13, 2023	Jan 8, 2025	Feb 9, 2026

Severity

CVSS

(AV:A/AC:M/Au:N/C:C/I:C/A:C)

Published

Jun 13, 2023

Added

Jan 8, 2025

Modified

Feb 9, 2026

Description

Zoom for Windows clients prior to 5.14.0 contain an improper restriction of operations within the bounds of a memory buffer vulnerability. A malicious user may alter protected Zoom Client memory buffer potentially causing integrity issues within the Zoom Client.Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates fromhttps://zoom.us/download.

Solution

zoom-zoom-upgrade-latest

References

CVE-2023-28601
https://attackerkb.com/topics/CVE-2023-28601
URL-https://www.zoom.com/en/trust/security-bulletin/ZSB-23009
CWE-358
CWE-119

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today