Skip to main content

Google Android CVE-2026-0128

| EUVDEUVD-2026-37211 MEDIUM
Integer Overflow or Wraparound (CWE-190)
2026-06-16 Google_Devices GHSA-6qg7-6c24-p9vf
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
vuln.today AI
6.5 MEDIUM

Network-delivered RTCP packet needs no attacker privileges; UI:R because victim must join a media session; C:H reflects unbounded memory read potential; no integrity or availability impact.

3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Analysis Generated
Jun 22, 2026 - 19:01 vuln.today
CVSS changed
Jun 22, 2026 - 16:52 NVD
6.5 (MEDIUM)
CVE Published
Jun 16, 2026 - 18:51 nvd
MEDIUM 6.5
CVE Published
Jun 16, 2026 - 18:51 cve.org
UNKNOWN (no severity yet)

DescriptionNVD

In RtcpFbPacket::decodeRtcpFbPacket, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

AnalysisAI

Remote information disclosure in Android's RTCP Feedback packet decoder allows a network attacker to read out-of-bounds process memory on a target device by delivering a maliciously crafted RTCP FB packet. The root cause is a CWE-190 integer overflow in RtcpFbPacket::decodeRtcpFbPacket that causes a miscalculated buffer boundary, enabling the out-of-bounds read. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Attacker deploys malicious VoIP or media server
Delivery
Social-engineer target Android user into joining media session
Exploit
Deliver crafted RTCP Feedback packet to target device
Execution
Integer overflow in decodeRtcpFbPacket miscalculates buffer boundary
Persist
Out-of-bounds read leaks process memory
Impact
Attacker receives disclosed memory contents

Vulnerability AssessmentAI

Exploitation Exploitation requires the target Android user to actively participate in or connect to a media session that delivers RTCP Feedback packets from the attacker - for example, by joining an attacker-controlled VoIP call, video conference, or media stream (CVSS UI:R). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score of 6.5 (Medium) is well-calibrated for this class of vulnerability: AV:N/AC:L/PR:N establishes a low-friction network attack path, but UI:R imposes a meaningful exploitation barrier requiring the target to actively engage with a media session. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker operates a malicious VoIP or video conferencing service and social-engineers a target Android user into joining a call or media session. When the victim's Android device processes the attacker's specially crafted RTCP Feedback packet, the integer overflow in decodeRtcpFbPacket miscalculates the buffer boundary, causing the decoder to read memory beyond the packet buffer. …
Remediation Apply the security patches delivered via the Google Pixel Security Bulletin dated 2026-06-01, available at https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01; devices should be updated to the June 2026 security patch level or later. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-0128 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy