Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 864939 (CVE-2022-28755) - <net-im/zoom-5.11.0.3540: remote code execution via url parsing vulnerability
Summary: <net-im/zoom-5.11.0.3540: remote code execution via url parsing vulnerability
Status: RESOLVED FIXED
Alias: CVE-2022-28755
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
URL: https://explore.zoom.us/en/trust/secu...
Whiteboard: ~2 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2022-08-11 20:26 UTC by John Helmert III
Modified: 2022-08-12 00:42 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-11 20:26:17 UTC 
CVE-2022-28755:

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 are susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including the potential for remote code execution through launching executables from arbitrary paths.

Please cleanup.
Comment 1 Larry the Git Cow gentoo-dev 2022-08-12 00:38:48 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1f7ce21a121e3e07b3410f527028e891c9b8314a

commit 1f7ce21a121e3e07b3410f527028e891c9b8314a
Author:     Ulrich Müller <ulm@gentoo.org>
AuthorDate: 2022-08-12 00:38:25 +0000
Commit:     Ulrich Müller <ulm@gentoo.org>
CommitDate: 2022-08-12 00:38:25 +0000

    net-im/zoom: drop 5.10.7.3311
    
    Bug: https://bugs.gentoo.org/864939
    Signed-off-by: Ulrich Müller <ulm@gentoo.org>

 net-im/zoom/Manifest                |   1 -
 net-im/zoom/zoom-5.10.7.3311.ebuild | 185 ------------------------------------
 2 files changed, 186 deletions(-)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-12 00:42:51 UTC 
Thanks, all done!