Description
In RtcpChunk::decodeRtcpChunk, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
Published: 2026-06-16
Score: 3.5 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Android operating system, the RtcpChunk::decodeRtcpChunk function can read past the end of a heap‑allocated buffer, resulting in an out‑of‑bounds read. This heap buffer overread (CWE‑122 / CWE‑125) may expose sensitive memory contents to an attacker through a remote side channel, without requiring any privilege escalation. No code execution is possible, but disclosure of memory data could reveal secrets such as cryptographic keys or configuration information.

Affected Systems

The vulnerability affects devices running Google Android. No specific version range is provided in the advisory, so all currently supported Android releases that implement RtcpChunk::decodeRtcpChunk are potentially impacted.

Risk and Exploitability

The CVSS score of 3.5 classifies the issue as low severity. The EPSS score of less than 1% indicates a very small current exploitation probability, and the vulnerability is not listed in the CISA KEV catalog. A user interaction is required for exploitation, and an attacker would need to craft a malicious RTCP packet or otherwise manipulate the networking stack to trigger the bounds overread.

Generated by OpenCVE AI on June 18, 2026 at 00:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any available Android security update that patches the RtcpChunk::decodeRtcpChunk function.
  • Configure network filtering or firewall rules to block or inspect RTCP traffic from untrusted sources, limiting exposure.
  • Review and harden application code dealing with RTCP packets, ensuring proper bounds checking and input validation to prevent similar buffer overread.

Generated by OpenCVE AI on June 18, 2026 at 00:12 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Android RTCP Chunk Decode Bounds Overread Allowing Information Disclosure

Tue, 16 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-122
CWE-125
Metrics cvssV3_1

{'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Vendors & Products Google
Google android

Tue, 16 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Description In RtcpChunk::decodeRtcpChunk, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Google_Devices

Published:

Updated: 2026-06-16T20:46:54.920Z

Reserved: 2025-10-23T08:43:31.921Z

Link: CVE-2026-0130

cve-icon Vulnrichment

Updated: 2026-06-16T20:46:49.792Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T20:16:23.900

Modified: 2026-06-16T20:42:25.013

Link: CVE-2026-0130

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T00:15:03Z

Weaknesses