Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Description (CVE.org)
Information disclosure may occur while decoding the RTP packet with improper header length for number of contributing sources.
Analysis (AI)
Network-based information disclosure vulnerability in RTP (Real-time Transport Protocol) packet decoding that occurs when the CSRC (Contributing Source) count header field is improperly validated, allowing an attacker to read sensitive memory contents. The vulnerability affects any system processing RTP streams with malformed headers and has a high CVSS score of 8.2 due to the combination of high confidentiality impact and network accessibility without authentication; no patch availability, KEV status, EPSS score, or active exploitation details are currently documented.
Technical Context (AI)
RTP (RFC 3550) is a widely-used protocol for real-time media transport over IP networks. The vulnerability exists in the RTP header parsing logic, specifically in how the CC (CSRC count) field—which indicates the number of contributing sources in the CSRC list—is processed. CWE-126 (Buffer Over-read) indicates the root cause: improper validation of the CC header field length allows reading beyond allocated buffer boundaries, leaking adjacent heap/stack memory. This affects any RTP decoder/library that fails to validate that the declared CSRC count matches actual available packet data before dereferencing the header structure. Vulnerable implementations likely include libavformat (FFmpeg), GStreamer RTP plugins, PJSIP, Kurento, and other multimedia frameworks that parse RTP headers without bounds checking on the CC field.
Remediation (AI)
Remediation requires:
(1) Immediate action: Identify all systems processing RTP streams (VoIP servers, conferencing platforms, media gateways, video surveillance systems).
(2) Patch/Update: Apply vendor security updates to RTP libraries and applications as they become available: check FFmpeg, GStreamer, PJSIP, Asterisk, Kurento project pages for CVE-2024-53019 patches.
(3) Temporary mitigation: Implement network-level filtering to reject malformed RTP packets with invalid CSRC counts (if detection logic is available); restrict RTP traffic to trusted sources only.
(4) Workaround: If patching is delayed, disable RTP decoding features or use hardware appliances with updated firmware.
(5) Validation: After patching, test RTP functionality end-to-end to ensure no regression.
Monitor vendor advisories (NIST NVD, vendor security pages) for patch release timelines.
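The bounds check that the Technical Context describes, and that a filter for remediation item (3) would apply, is shown below as an added example. It is not code from this page, from Qualcomm, or from any of the named projects. All names (`rtp_parse`, `rtp_info`, the sample packets) are hypothetical, and padding (P bit) handling is left out.

```c
#include <stddef.h>
#include <stdint.h>

/* Added example; all names here are hypothetical, not from any vendor code. */
#define RTP_FIXED_HDR_LEN 12u   /* RFC 3550 fixed header size in bytes */

typedef struct {
    uint8_t  cc, payload_type;
    uint16_t seq;
    uint32_t timestamp, ssrc, csrc[15];  /* CC is 4 bits: at most 15 CSRCs */
    size_t   payload_off;                /* offset of the payload in the packet */
} rtp_info;

/* Constructed samples: a 12-byte packet claiming CC=3, and a valid CC=1 packet. */
static const uint8_t bad_pkt[12]  = {0x83,0x60,0,1, 0,0,0,10, 0xDE,0xAD,0xBE,0xEF};
static const uint8_t good_pkt[17] = {0x81,0x60,0,2, 0,0,0,20, 0xDE,0xAD,0xBE,0xEF,
                                     0x11,0x22,0x33,0x44, 0x7F};

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Returns 0 on success, -1 on a malformed packet. Never reads past pkt + len. */
int rtp_parse(const uint8_t *pkt, size_t len, rtp_info *out) {
    if (pkt == NULL || out == NULL || len < RTP_FIXED_HDR_LEN) return -1;
    if ((pkt[0] >> 6) != 2) return -1;             /* version must be 2 */
    uint8_t cc = pkt[0] & 0x0F;                    /* declared CSRC count */
    size_t hdr_len = RTP_FIXED_HDR_LEN + 4u * cc;  /* at most 72, no overflow */
    if (hdr_len > len) return -1;                  /* CC exceeds received data */
    if (pkt[0] & 0x10) {                           /* X bit: extension header */
        if (len - hdr_len < 4) return -1;
        size_t ext_words = ((size_t)pkt[hdr_len + 2] << 8) | pkt[hdr_len + 3];
        if (ext_words * 4 > len - hdr_len - 4) return -1;
        hdr_len += 4 + ext_words * 4;
    }
    out->cc = cc;
    out->payload_type = pkt[1] & 0x7F;
    out->seq = (uint16_t)((pkt[2] << 8) | pkt[3]);
    out->timestamp = be32(pkt + 4);
    out->ssrc = be32(pkt + 8);
    for (uint8_t i = 0; i < cc; i++)               /* safe: hdr_len <= len checked */
        out->csrc[i] = be32(pkt + RTP_FIXED_HDR_LEN + 4u * i);
    out->payload_off = hdr_len;
    return 0;
}

int main(void) {
    rtp_info r;  /* exit status 0 when the bad packet is rejected and the good one parses */
    return (rtp_parse(bad_pkt, sizeof bad_pkt, &r) == -1 && rtp_parse(good_pkt, sizeof good_pkt, &r) == 0) ? 0 : 1;
}
```

A decoder that skips the `hdr_len > len` comparison would read up to 60 bytes past the end of the received buffer when copying the CSRC list, which is the over-read CWE-126 describes.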
EUVD-2024-54634