Impact
In the Android operating system, the RtcpChunk::decodeRtcpChunk function can read past the end of a heap‑allocated buffer, resulting in an out‑of‑bounds read. This heap buffer overread (CWE‑122 / CWE‑125) may expose sensitive memory contents to an attacker through a remote side channel, without requiring any privilege escalation. No code execution is possible, but disclosure of memory data could reveal secrets such as cryptographic keys or configuration information.
Affected Systems
The vulnerability affects devices running Google Android. No specific version range is provided in the advisory, so all currently supported Android releases that implement RtcpChunk::decodeRtcpChunk are potentially impacted.
Risk and Exploitability
The CVSS score of 3.5 classifies the issue as low severity. The EPSS score of less than 1% indicates a very small current exploitation probability, and the vulnerability is not listed in the CISA KEV catalog. A user interaction is required for exploitation, and an attacker would need to craft a malicious RTCP packet or otherwise manipulate the networking stack to trigger the bounds overread.
OpenCVE Enrichment