CVE-2026-0165 - Vulnerability Details - OpenCVE

In several functions of the RTCP packet decoder, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01

History

Tue, 16 Jun 2026 19:30:00 +0000

Type	Values Removed	Values Added
Description		In several functions of the RTCP packet decoder, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
References		https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01

MITRE

Status: PUBLISHED

Assigner: Google_Devices

Published: 2026-06-16T18:51:35.648Z

Updated: 2026-06-16T19:32:34.212Z

Reserved: 2025-10-23T08:45:05.889Z

Link: CVE-2026-0165

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-06-16T20:16:26.877

Modified: 2026-06-16T20:42:25.013

Link: CVE-2026-0165

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0165", "assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222", "state": "PUBLISHED", "assignerShortName": "Google_Devices", "dateReserved": "2025-10-23T08:45:05.889Z", "datePublished": "2026-06-16T18:51:35.648Z", "dateUpdated": "2026-06-16T19:32:34.212Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83238938-5644-45f0-9007-c0392bcf6222", "shortName": "Google_Devices", "dateUpdated": "2026-06-16T18:51:35.648Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Information disclosure"}]}], "affected": [{"vendor": "Google", "product": "Android", "versions": [{"version": "Android kernel", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "In several functions of the RTCP packet decoder, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation."}], "references": [{"url": "https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01"}], "x_generator": {"engine": "cvelib 1.7.1"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-125", "lang": "en", "description": "CWE-125 Out-of-bounds Read"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-06-16T19:32:06.697409Z", "id": "CVE-2026-0165", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-16T19:32:34.212Z"}}]}}