CVE-2025-49140
BaseFortify
Publication date: 2025-06-09
Last updated on: 2025-06-12
Assigner: GitHub, Inc.
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Pion Interceptor versions v0.1.36 through v0.1.38 in the RTP packet factory. It can be exploited by sending crafted RTP packets that trigger a panic in Pion based SFU software. The issue arises because the code does not properly validate the padding length (padLen) in RTP packets, which can cause an overflow and panic. The fix in version v0.1.39 and later ensures that padLen is greater than 0 and less than or equal to the payload length, returning an error on overflow to avoid panic.
How can this vulnerability impact me?
This vulnerability can cause a denial of service by triggering a panic in applications using Pion Interceptor for RTP/RTCP communication when they receive specially crafted RTP packets. This means an attacker could disrupt the availability of the affected software by causing it to crash or become unresponsive.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade Pion Interceptor to version v0.1.39 or later, which includes validation to prevent the panic. If upgrading is not possible, manually apply the patch from the relevant pull request or drop RTP packets whose P-bit is set but whose padLen is zero or larger than the remaining payload.
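The padding check described in the two answers above, written out as an added Go example (not Pion Interceptor's own code): the function walks the RTP fixed header, CSRC list and optional header extension, and when the P bit is set rejects a packet whose trailing padLen byte is zero or larger than the remaining payload instead of letting the subtraction underflow. The header bytes and packets are constructed sample values.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrPadding flags the crafted case: P bit set but padLen zero or beyond the payload.
var ErrPadding = errors.New("rtp: invalid padding length")

// payloadLen returns the payload size after the fixed header, CSRC list and any
// extension, with padding stripped; instead of letting payload-padLen go
// negative (the unchecked case that panicked) it returns an error.
func payloadLen(pkt []byte) (int, error) {
	if len(pkt) < 12 {
		return 0, errors.New("rtp: packet shorter than fixed header")
	}
	padding, extension := pkt[0]&0x20 != 0, pkt[0]&0x10 != 0 // P and X bits
	offset := 12 + 4*int(pkt[0]&0x0F)                       // skip CSRC identifiers
	if extension {
		if len(pkt) < offset+4 {
			return 0, errors.New("rtp: truncated extension header")
		}
		offset += 4 + 4*(int(pkt[offset+2])<<8|int(pkt[offset+3])) // length is in 32-bit words
	}
	if len(pkt) < offset {
		return 0, errors.New("rtp: header overruns packet")
	}
	payload := len(pkt) - offset
	if !padding {
		return payload, nil
	}
	if payload == 0 {
		return 0, ErrPadding // no byte left to hold padLen
	}
	padLen := int(pkt[len(pkt)-1])
	if padLen == 0 || padLen > payload { // the check the advisory says v0.1.39 adds
		return 0, ErrPadding
	}
	return payload - padLen, nil
}

// header builds a constructed RTP fixed header (V=2 plus flags, PT=96, seq=1, SSRC=0x12345678).
func header(flags byte) []byte {
	return []byte{0x80 | flags, 0x60, 0, 1, 0, 0, 0, 0, 0x12, 0x34, 0x56, 0x78}
}

func main() {
	fmt.Println(payloadLen(append(header(0x20), 0xAA, 0xFF))) // crafted packet: 0 rtp: invalid padding length
}
```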