{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-49140", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-06-02T10:39:41.634Z", "datePublished": "2025-06-09T21:13:12.388Z", "dateUpdated": "2025-06-10T20:04:42.050Z"}, "containers": {"cna": {"title": "Pion Interceptor's improper RTP padding handling allows remote crash for SFU users (DoS)", "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "lang": "en", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/pion/interceptor/security/advisories/GHSA-f26w-gh5m-qq77", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/pion/interceptor/security/advisories/GHSA-f26w-gh5m-qq77"}, {"name": "https://github.com/pion/webrtc/issues/3148", "tags": ["x_refsource_MISC"], "url": "https://github.com/pion/webrtc/issues/3148"}, {"name": "https://github.com/pion/interceptor/pull/338", "tags": ["x_refsource_MISC"], "url": "https://github.com/pion/interceptor/pull/338"}, {"name": "https://github.com/pion/interceptor/commit/fa5b35ea867389cec33a9c82fffbd459ca8958e5", "tags": ["x_refsource_MISC"], "url": "https://github.com/pion/interceptor/commit/fa5b35ea867389cec33a9c82fffbd459ca8958e5"}], "affected": [{"vendor": "pion", "product": "interceptor", "versions": [{"version": ">= 0.1.36, < 0.1.39", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-06-09T21:13:12.388Z"}, "descriptions": [{"lang": "en", "value": "Pion Interceptor is a framework for building RTP/RTCP communication software. Versions v0.1.36 through v0.1.38 contain a bug in a RTP packet factory that can be exploited to trigger a panic with Pion based SFU via crafted RTP packets, This only affect users that use pion/interceptor. Users should upgrade to v0.1.39 or later, which validates that: `padLen > 0 && padLen <= payloadLength` and return error on overflow, avoiding panic. If upgrading is not possible, apply the patch from the pull request manually or drop packets whose P-bit is set but whose padLen is zero or larger than the remaining payload."}], "source": {"advisory": "GHSA-f26w-gh5m-qq77", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-10T20:04:30.298657Z", "id": "CVE-2025-49140", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-10T20:04:42.050Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-49140", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-10T20:04:30.298657Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-10T20:04:36.697Z"}}], "cna": {"title": "Pion Interceptor's improper RTP padding handling allows remote crash for SFU users (DoS)", "source": {"advisory": "GHSA-f26w-gh5m-qq77", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "pion", "product": "interceptor", "versions": [{"status": "affected", "version": ">= 0.1.36, < 0.1.39"}]}], "references": [{"url": "https://github.com/pion/interceptor/security/advisories/GHSA-f26w-gh5m-qq77", "name": "https://github.com/pion/interceptor/security/advisories/GHSA-f26w-gh5m-qq77", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/pion/webrtc/issues/3148", "name": "https://github.com/pion/webrtc/issues/3148", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/pion/interceptor/pull/338", "name": "https://github.com/pion/interceptor/pull/338", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/pion/interceptor/commit/fa5b35ea867389cec33a9c82fffbd459ca8958e5", "name": "https://github.com/pion/interceptor/commit/fa5b35ea867389cec33a9c82fffbd459ca8958e5", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Pion Interceptor is a framework for building RTP/RTCP communication software. Versions v0.1.36 through v0.1.38 contain a bug in a RTP packet factory that can be exploited to trigger a panic with Pion based SFU via crafted RTP packets, This only affect users that use pion/interceptor. Users should upgrade to v0.1.39 or later, which validates that: `padLen > 0 && padLen <= payloadLength` and return error on overflow, avoiding panic. If upgrading is not possible, apply the patch from the pull request manually or drop packets whose P-bit is set but whose padLen is zero or larger than the remaining payload."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-06-09T21:13:12.388Z"}}}, "cveMetadata": {"cveId": "CVE-2025-49140", "state": "PUBLISHED", "dateUpdated": "2025-06-10T20:04:42.050Z", "dateReserved": "2025-06-02T10:39:41.634Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-06-09T21:13:12.388Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Pion Interceptor is a framework for building RTP/RTCP communication software. Versions v0.1.36 through v0.1.38 contain a bug in a RTP packet factory that can be exploited to trigger a panic with Pion based SFU via crafted RTP packets, This only affect users that use pion/interceptor. Users should upgrade to v0.1.39 or later, which validates that: `padLen > 0 && padLen <= payloadLength` and return error on overflow, avoiding panic. If upgrading is not possible, apply the patch from the pull request manually or drop packets whose P-bit is set but whose padLen is zero or larger than the remaining payload."}, {"lang": "es", "value": "Pion Interceptor es un framework para crear software de comunicaci\u00f3n RTP/RTCP. Las versiones v0.1.36 a v0.1.38 contienen un error en una f\u00e1brica de paquetes RTP que puede explotarse para generar un p\u00e1nico con SFU basado en Pion mediante paquetes RTP manipulados. Esto solo afecta a los usuarios que usan pion/interceptor. Los usuarios deben actualizar a la versi\u00f3n v0.1.39 o posterior, que valida que `padLen &gt; 0 &amp;&amp; padLen &lt;= payloadLength` y devuelve un error en caso de desbordamiento, evitando as\u00ed el p\u00e1nico. Si no es posible actualizar, aplique el parche desde la solicitud de extracci\u00f3n manualmente o descarte los paquetes cuyo bit P est\u00e9 configurado, pero cuyo padLen sea cero o mayor que la carga \u00fatil restante."}], "id": "CVE-2025-49140", "lastModified": "2025-06-12T16:06:47.857", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-06-09T22:15:22.153", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/pion/interceptor/commit/fa5b35ea867389cec33a9c82fffbd459ca8958e5"}, {"source": "security-advisories@github.com", "url": "https://github.com/pion/interceptor/pull/338"}, {"source": "security-advisories@github.com", "url": "https://github.com/pion/interceptor/security/advisories/GHSA-f26w-gh5m-qq77"}, {"source": "security-advisories@github.com", "url": "https://github.com/pion/webrtc/issues/3148"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{}