Severity by source
CVSS 3.1 vector (NVD, primary rating and the only source for this CVE): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Description (CVE.org)
Information disclosure may occur while decoding an RTP packet with an invalid header extension received from the network.
Analysis (AI)
CVE-2024-53020 is an information disclosure vulnerability in RTP (Real-time Transport Protocol) packet processing, triggered when a decoder handles a packet whose header extension is malformed. An attacker on the network can send crafted RTP packets that cause memory contents to be disclosed, exposing potentially sensitive data, with a minor availability impact as a side effect. The vulnerability affects multiple implementations of RTP handling across media processing frameworks and VoIP applications. No KEV listing and no public exploit code are documented, but the CVSS score of 8.2 combined with network reachability (AV:N in the vector above) indicates significant real-world risk to exposed services.
Technical Context (AI)
The vulnerability resides in the RTP header extension parsing logic and is classified as CWE-126 (Buffer Over-read): an invalid header extension structure in an incoming RTP packet causes out-of-bounds memory reads during decoding. RTP (RFC 3550) defines the header extension as an optional, variable-length structure, so an implementation must validate the extension's length field before reading any extension data. The root cause is insufficient bounds checking when the decoder acts on the X (extension) bit in the RTP fixed header and then on the profile-defined identifier and length fields of the extension header that follows it. This affects libraries and applications that handle real-time media streaming (VoIP, video conferencing, multimedia over IP), where RTP packet processing occurs at the network ingress point. The over-read happens during deserialization, when the decoder reads extension data without first checking that the claimed extension length fits within the packet boundaries and the available buffer.
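As an added example (not the affected vendor's or any library's code), a bounds-checked parser for the RTP fixed header and header extension described above, written in C; the two sample packets are constructed for illustration, and the second carries exactly the kind of length field the check must reject.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Parsed RTP (RFC 3550) header; ext_data/ext_len describe the optional header extension. */
typedef struct {
    uint8_t version, extension, csrc_count, payload_type;
    uint16_t seq; uint32_t timestamp, ssrc;
    const uint8_t *ext_data;  /* points into the packet, NULL when X=0 */
    size_t ext_len;           /* extension body length in bytes */
} rtp_hdr_t;
/* Returns the payload offset, or -1 if malformed (h may be NULL). Every read is checked
 * against len, so a lying extension length cannot pull the decoder past the datagram. */
long rtp_parse(const uint8_t *pkt, size_t len, rtp_hdr_t *h) {
    rtp_hdr_t tmp; if (!h) h = &tmp;
    memset(h, 0, sizeof *h);
    if (len < 12) return -1;                  /* fixed header is 12 bytes */
    h->version = pkt[0] >> 6;
    if (h->version != 2) return -1;
    h->extension = (pkt[0] >> 4) & 1;
    h->csrc_count = pkt[0] & 0x0f;
    h->payload_type = pkt[1] & 0x7f;
    h->seq = (uint16_t)((pkt[2] << 8) | pkt[3]);
    h->timestamp = ((uint32_t)pkt[4] << 24) | ((uint32_t)pkt[5] << 16) | ((uint32_t)pkt[6] << 8) | pkt[7];
    h->ssrc = ((uint32_t)pkt[8] << 24) | ((uint32_t)pkt[9] << 16) | ((uint32_t)pkt[10] << 8) | pkt[11];
    size_t off = 12 + 4u * h->csrc_count;     /* CSRC list: 0..15 words */
    if (off > len) return -1;
    if (h->extension) {
        /* RFC 3550 s5.3.1: 16-bit profile id, 16-bit length in 32-bit words, then the body */
        if (len - off < 4) return -1;         /* no room for the extension header itself */
        size_t ext_bytes = (((size_t)pkt[off + 2] << 8) | pkt[off + 3]) * 4;
        off += 4;
        if (ext_bytes > len - off) return -1; /* the missing check: claimed length vs. bytes present */
        h->ext_data = pkt + off;
        h->ext_len = ext_bytes;
        off += ext_bytes;
    }
    return (long)off;
}
long rtp_ext_len(const uint8_t *pkt, size_t len) { /* ext body bytes, 0 if absent, -1 if malformed */
    rtp_hdr_t h;
    return rtp_parse(pkt, len, &h) < 0 ? -1 : (long)h.ext_len;
}
/* Constructed sample packets (not captured traffic); both set X=1 with profile id 0xBEDE. */
static const uint8_t k_good_pkt[] = {
    0x90, 0x60, 0x00, 0x01, 0x00, 0x00, 0x00, 0x10, 0xde, 0xad, 0xbe, 0xef, /* V=2 X=1 CC=0 PT=96 seq=1 */
    0xbe, 0xde, 0x00, 0x01, 0x11, 0x22, 0x33, 0x44, 0xaa, 0xbb };           /* ext 1 word, 2 payload bytes */
static const uint8_t k_bad_pkt[] = {
    0x90, 0x60, 0x00, 0x02, 0x00, 0x00, 0x00, 0x10, 0xde, 0xad, 0xbe, 0xef,
    0xbe, 0xde, 0x01, 0x00, 0x11, 0x22, 0x33, 0x44 };  /* claims 256 words (1024 B), only 4 present */
```

A decoder that trusts the length word instead of comparing it against the bytes actually received would read 1020 bytes past the end of the second packet, which is the over-read pattern this CVE describes.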
Remediation (AI)
Remediation steps:
1. Apply vendor-supplied security patches immediately to all affected RTP protocol implementations; check vendor advisories from the Asterisk, GStreamer, FFmpeg, and WebRTC projects.
2. If patches are unavailable, implement network-level mitigations: deploy RTP traffic inspection/filtering at network boundaries to validate header extensions before processing.
3. Workaround: disable RTP header extension processing if the feature is not required by your deployment (configuration-dependent).
4. Temporary containment: restrict RTP traffic sources to trusted networks only; implement strict access controls on VoIP/media gateway network interfaces.
5. Monitor for exploitation attempts using IDS/IPS rules that detect malformed RTP header extensions (check the Suricata/Snort signature databases).
6. Update to patched versions released by GStreamer (gst-plugins-good), FFmpeg (libavformat), Asterisk, FreeSWITCH, and WebRTC implementations; contact the respective project security teams for patch availability and timelines.
Related entries in Mobile Platform Firmware (205 total):
CVE-2024-53026 is an information disclosure vulnerability in IMS (IP Multimedia Subsystem) implementations affecting VoL […]
CVE-2024-53021 is an information disclosure vulnerability in RTCP (Real-time Transport Control Protocol) packet processi […]
Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is great […]
Same weakness: CWE-126 – Buffer Over-read
Same technique: Information Disclosure
EUVD ID: EUVD-2024-54633