Pion Interceptor RTP Packet Parsing Vulnerability Leading to Remote Panic
Pion Interceptor, a framework for building RTP/RTCP communication software, contains a bug in its RTP packet factory in versions v0.1.36 through v0.1.38. An attacker who can send crafted RTP packets to a Pion-based SFU can trigger a panic in the receiving process, i.e. a remote denial of service. The issue only affects users of pion/interceptor. Users should upgrade to version v0.1.39 or later, which adds validation of the RTP padding field: when the P bit is set, the pad count taken from the last payload octet must satisfy `padLen > 0 && padLen <= payloadLength`, which rules out the out-of-range values that caused the overflow. If upgrading immediately is not possible, users can manually apply the patch from the associated pull request, or work around the issue by dropping packets where the P bit is set but the pad count is zero or exceeds the remaining payload length.
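The following Go program is an added illustration of the padding rule described above; it is not pion/interceptor's code and does not reproduce the project's actual packet factory. It parses a minimal RTP header (RFC 3550, section 5.1), then shows an unchecked strip of the padding block beside a validated one that enforces `padLen > 0 && padLen <= len(payload)`. The packets it feeds in are constructed inline, and the function names (`parseHeader`, `parsePayload`, `stripPaddingUnchecked`, `buildPacket`) are this example's own.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// rtpHeader holds the fixed-header fields (RFC 3550 section 5.1) used here.
type rtpHeader struct {
	Padding        bool
	Extension      bool
	CSRCCount      int
	PayloadType    uint8
	SequenceNumber uint16
	Timestamp      uint32
	SSRC           uint32
}

var (
	errShort   = errors.New("rtp: packet too short")
	errVersion = errors.New("rtp: unsupported version")
	errPadding = errors.New("rtp: invalid padding length")
)

// parseHeader decodes the fixed header, CSRC list and (if present) the
// header extension, returning the header and the offset of the payload.
func parseHeader(buf []byte) (rtpHeader, int, error) {
	var h rtpHeader
	if len(buf) < 12 {
		return h, 0, errShort
	}
	if buf[0]>>6 != 2 {
		return h, 0, errVersion
	}
	h.Padding = buf[0]&0x20 != 0
	h.Extension = buf[0]&0x10 != 0
	h.CSRCCount = int(buf[0] & 0x0f)
	h.PayloadType = buf[1] & 0x7f
	h.SequenceNumber = binary.BigEndian.Uint16(buf[2:4])
	h.Timestamp = binary.BigEndian.Uint32(buf[4:8])
	h.SSRC = binary.BigEndian.Uint32(buf[8:12])
	off := 12 + 4*h.CSRCCount
	if len(buf) < off {
		return h, 0, errShort
	}
	if h.Extension {
		if len(buf) < off+4 {
			return h, 0, errShort
		}
		// extension length field counts 32-bit words after the 4-byte extension header
		off += 4 + int(binary.BigEndian.Uint16(buf[off+2:off+4]))*4
		if len(buf) < off {
			return h, 0, errShort
		}
	}
	return h, off, nil
}

// stripPaddingUnchecked trusts the pad count blindly (hypothetical unsafe
// pattern, not pion's code). It reports whether the slicing panicked, which
// happens for an empty payload or a pad count larger than the payload.
func stripPaddingUnchecked(payload []byte, padding bool) (out []byte, panicked bool) {
	defer func() {
		if r := recover(); r != nil {
			panicked = true
		}
	}()
	if !padding {
		return payload, false
	}
	padLen := int(payload[len(payload)-1])      // index -1 on an empty payload
	return payload[:len(payload)-padLen], false // negative bound when padLen > len
}

// parsePayload applies the advisory's rule: with the P bit set, require
// padLen > 0 && padLen <= len(payload), otherwise reject the packet.
func parsePayload(buf []byte) (rtpHeader, []byte, error) {
	h, off, err := parseHeader(buf)
	if err != nil {
		return h, nil, err
	}
	payload := buf[off:]
	if !h.Padding {
		return h, payload, nil
	}
	if len(payload) == 0 {
		return h, nil, errPadding
	}
	padLen := int(payload[len(payload)-1])
	if padLen == 0 || padLen > len(payload) {
		return h, nil, errPadding
	}
	return h, payload[:len(payload)-padLen], nil
}

// buildPacket assembles a constructed RTP packet (sample input, not captured
// traffic): a 12-byte header with no CSRCs or extension, followed by body.
func buildPacket(padding bool, body []byte) []byte {
	pkt := make([]byte, 12)
	pkt[0] = 0x80 // version 2
	if padding {
		pkt[0] |= 0x20
	}
	pkt[1] = 96 // dynamic payload type
	binary.BigEndian.PutUint16(pkt[2:], 1234)
	binary.BigEndian.PutUint32(pkt[4:], 0xdeadbeef)
	binary.BigEndian.PutUint32(pkt[8:], 0x12345678)
	return append(pkt, body...)
}

func main() {
	cases := map[string][]byte{
		"valid pad=3":  buildPacket(true, []byte{1, 2, 3, 4, 0, 0, 3}),
		"pad=0":        buildPacket(true, []byte{1, 2, 3, 0}),
		"pad>len":      buildPacket(true, []byte{1, 2, 255}),
		"P set, empty": buildPacket(true, nil),
	}
	for name, pkt := range cases {
		_, p, err := parsePayload(pkt)
		_, panicked := stripPaddingUnchecked(pkt[12:], true)
		fmt.Printf("%-13s checked: payload=%v err=%v | unchecked panicked=%v\n", name, p, err, panicked)
	}
}
```

The `pad=0` case is the one that the unchecked variant does not panic on but the advisory still says to drop: a pad count of zero is malformed under RFC 3550, because the count includes the count octet itself, so accepting it leaves the bogus trailer in the payload.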
Vulnerable Product |
---|
pion interceptor |