Description
In decodeAppPacket of RtcpAppPacket.cpp, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-06-16
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer over-read occurs within the decodeAppPacket function in RtcpAppPacket.cpp due to a missing bounds check, allowing an attacker to read arbitrary data from memory. This flaw can expose sensitive information without requiring elevated privileges or additional execution rights, making it a direct information disclosure vulnerability. and CWE-125 structures.

Affected Systems

Android devices running any build that includes the affected RtcpAppPacket implementation, as distributed by Google. The exact affected versions are not enumerated in the advisory, but the common base is the Android operating system shipped by Google, specifically the Pixel line as referenced in the security bulletin.

Risk and Exploitability

The CVSS score of 4.3 represents moderate severity, while the EPSS score of less than 1% indicates a very low probability of exploitation at this time. It is not listed in the CISA KEV catalog. The attack can be performed remotely without user interaction, suggesting that if an attacker gains network visibility, they could potentially exploit the vulnerability, but practical success depends on additional environmental factors not detailed in the advisory.

Generated by OpenCVE AI on June 17, 2026 at 21:15 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Google Android security bulletin for a patched Android build and install it promptly
  • Upgrade to the latest Android firmware version available for the device
  • Disable or restrict access to the RTCP packet processing components if possible or use network segmentation to limit exposure

Generated by OpenCVE AI on June 17, 2026 at 21:15 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Remote Information Disclosure via OOB Read in Android RTCP Packet Decoder

Tue, 16 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
CWE-125
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Vendors & Products Google
Google android

Tue, 16 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Description In decodeAppPacket of RtcpAppPacket.cpp, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Google_Devices

Published:

Updated: 2026-06-16T20:33:14.687Z

Reserved: 2025-10-23T08:43:46.842Z

Link: CVE-2026-0141

cve-icon Vulnrichment

Updated: 2026-06-16T20:15:55.304Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T20:16:24.907

Modified: 2026-06-16T20:42:25.013

Link: CVE-2026-0141

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T21:30:12Z

Weaknesses
  • CWE-120

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

  • CWE-125

    Out-of-bounds Read