CVE-2024-45421
Published: 25 February 2025
Summary
CVE-2024-45421 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Zoom Meeting Software Development Kit. Its CVSS base score is 8.5 (High).
Operationally, ranked in the top 28.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Flaw remediation mandates timely patching of the buffer overflow vulnerability as specified in Zoom's security bulletin ZSB-24043.
Memory protection implements safeguards like ASLR and DEP to block code execution from buffer overflow exploits.
Information input validation restricts malformed network inputs that could trigger the buffer overflow.
NVD Description
Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.
Deeper analysisAI
CVE-2024-45421 is a buffer overflow vulnerability, associated with CWE-122 and CWE-119, affecting some Zoom Apps. Published on 2025-02-25T20:15:35.400, it carries a CVSS v3.1 base score of 8.5 (AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to network accessibility, low privilege requirements, no user interaction, and scope change with high impacts on confidentiality, integrity, and availability.
An authenticated user with low privileges (PR:L) can exploit this vulnerability over the network (AV:N), despite high attack complexity (AC:H). Successful exploitation enables escalation of privilege, potentially allowing the attacker to achieve high-level impacts on confidentiality, integrity, and availability within a changed scope (S:C).
Zoom's security bulletin ZSB-24043, available at https://www.zoom.com/en/trust/security-bulletin/zsb-24043/, provides further details on the vulnerability and associated mitigations or patches.
Details
- CWE(s)