CVE-2024-24696: 
NixOS vulnerability analysis and mitigation

CVE-2024-24696 is a security vulnerability affecting multiple Zoom products including Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows. The vulnerability was discovered and reported by researcher shmoul, and was disclosed on February 13, 2024. This improper input validation flaw affects versions of Zoom Desktop Client for Windows before 5.17.0, Zoom VDI Client for Windows before 5.17.5 (excluding 5.15.15 and 5.16.12), and Zoom Meeting SDK for Windows before 5.17.0 (Zoom Bulletin).

The vulnerability has been assigned a CVSS v3.1 score of 6.8 (Medium severity), with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N. The flaw specifically relates to improper input validation with in-meeting chat functionality. The technical assessment indicates that the vulnerability requires network access and user interaction to be exploited (Zoom Bulletin).

If successfully exploited, the vulnerability could allow an authenticated user to conduct a disclosure of information through network access. The CVSS scoring indicates high confidentiality impact, while integrity and availability remain unaffected (Zoom Bulletin).

Zoom has released patches to address this vulnerability. Users are advised to update to Zoom Desktop Client for Windows version 5.17.0 or later, Zoom VDI Client for Windows version 5.17.5 or later, and Zoom Meeting SDK for Windows version 5.17.0 or later. Updates can be obtained from the official Zoom download page (Zoom Bulletin).