CVE-2024-53020
published 2025-06-03CVE-2024-53020: Information disclosure may occur while decoding the RTP packet with invalid header extension from network.
PriorityP340high8.2CVSS 3.1
AVNACLPRNUINSUCHINAL
EPSS
0.20%
10.2th percentile
Information disclosure may occur while decoding the RTP packet with invalid header extension from network.
Affected
235 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
CVSS provenance
nvdv3.18.2HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
osv7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
apache2 vulnerabilities
osv·2025-08-19·CVSS 7.5
CVE-2025-49630 apache2 vulnerabilities
apache2 vulnerabilities
USN-7639-1 fixed several vulnerabilities in Apache. This update
provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu
18.04 LTS, Ubuntu 20.04 LTS, and addressed a regression
fix (LP: #2119395). CVE-2025-49630 and CVE-2025-53020 only
affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that the Apache HTTP Server incorrectly handled
certain Content-Type response headers. A remote attacker could
possibly use this issue to perform HTTP response splitting attacks.
(CVE-2024-42516)
xiaojunjie discovered that the Apache HTTP Server mod_proxy module
incorrectly handled certain requests. A remote attacker could
possibly use this issue to send outbound proxy requests to an
arbitrary URL. (CVE-2024-43204)
John Runyon disco
GHSA
GHSA-w9f5-6mhq-cp5w: Information disclosure may occur while decoding the RTP packet with invalid header extension from network
ghsa_unreviewed·2025-06-03
CVE-2024-53020 [HIGH] CWE-126 GHSA-w9f5-6mhq-cp5w: Information disclosure may occur while decoding the RTP packet with invalid header extension from network
Information disclosure may occur while decoding the RTP packet with invalid header extension from network.
Android
CVE-2024-53020: Closed-source component
vendor_android·2025-06-01·CVSS 8.2
CVE-2024-53020 [HIGH] CVE-2024-53020: Closed-source component
Android Security Bulletin 2025-06-01
CVE: CVE-2024-53020
Severity: HIGH
Component: Closed-source component
References: A-381899262
*
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-06-03
Published