Description
In several functions of the RTCP packet decoder, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
Published: 2026-06-16
Score: 5.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an out-of-bounds read in the RTCP packet decoder. The missing bounds check allows an attacker to read arbitrary memory when a crafted RTCP packet is parsed, which can expose sensitive data without requiring elevated privileges. Because the flaw is triggered by packet parsing, remote information disclosure is the primary impact.

Affected Systems

The affected vendor is Google for its Android operating system. The specific Android versions are not listed in the CVE entry; any devices running a version that includes the vulnerable RTCP decoder are potentially impacted.

Risk and Exploitability

The CVSS score of 5.7 classifies the vulnerability as medium severity. The EPSS score is reported as less than 1%, indicating a very low probability of exploitation, and the issue is not listed in CISA's KEV catalog. Exploitation requires an attacker to send a malicious RTCP packet to a device over the network, and the victim must interact with that packet or otherwise cause the decoder to parse it. With these constraints, the likelihood of a successful attack in the wild is limited.

Generated by OpenCVE AI on June 17, 2026 at 22:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Android security patch that addresses the RTCP decoder bug.
  • Configure the device or network to limit exposure to unsolicited RTCP traffic when not required, for example by disabling unused media services or applying quality‑of‑service restrictions.
  • If a patch is not yet available, restrict the device to allow RTCP packets only from trusted IP ranges using firewall or router rules.

Generated by OpenCVE AI on June 17, 2026 at 22:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title RTCP Packet Decoder Out-of-Bounds Read Leading to Remote Information Disclosure

Tue, 16 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
CWE-125
Metrics cvssV3_1

{'score': 5.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Vendors & Products Google
Google android

Tue, 16 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Description In several functions of the RTCP packet decoder, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Google_Devices

Published:

Updated: 2026-06-16T19:32:34.212Z

Reserved: 2025-10-23T08:45:05.889Z

Link: CVE-2026-0165

cve-icon Vulnrichment

Updated: 2026-06-16T19:31:57.545Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T20:16:26.877

Modified: 2026-06-16T20:42:25.013

Link: CVE-2026-0165

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T22:30:13Z

Weaknesses
  • CWE-120

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

  • CWE-125

    Out-of-bounds Read