Pion · Pion Interceptor · CVE-2025-49140
**Name of the Vulnerable Software and Affected Versions**
Pion Interceptor versions v0.1.36 through v0.1.38
**Description**
Pion Interceptor is a framework for building RTP/RTCP communication software. The issue is a bug in the RTP packet factory: a crafted RTP packet with the padding bit (P) set can trigger a panic in a Pion-based SFU, because the trailing padding-length byte was used without being checked against the payload length. Only users of pion/interceptor are affected; an attacker needs nothing more than the ability to send RTP packets to the affected endpoint.
**Recommendations**
For versions v0.1.36 through v0.1.38, upgrade to v0.1.39 or later, which includes a fix that validates `padLen > 0 && padLen <= payloadLength` and returns an error on overflow, avoiding panic.
If upgrading is not possible, apply the patch from the pull request manually or drop packets whose P-bit is set but whose `padLen` is zero or larger than the remaining payload.
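The check the recommendation describes, as an added example that is not pion/interceptor's code. `unsafeStripPadding` is a hypothetical reconstruction of the failure mode (trusting the pad-length byte and reslicing without a bounds check); `stripPadding` applies the `padLen > 0 && padLen <= payloadLength` rule. The RTP parser handles only the 12-byte fixed header plus the CSRC list, and the packets are constructed inline, not captured traffic.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// errInvalidPadding: P-bit set but the trailing pad-length byte is zero or
// larger than the payload field.
var errInvalidPadding = errors.New("rtp: invalid padding length")

// unsafeStripPadding is a hypothetical reconstruction of the unchecked path:
// it trusts the last byte and reslices. NOT the project's code.
func unsafeStripPadding(payload []byte) []byte {
	padLen := int(payload[len(payload)-1])
	return payload[:len(payload)-padLen] // panics when padLen > len(payload)
}

// stripPadding honours the P-bit only when 0 < padLen <= len(payload),
// returning an error instead of panicking on a crafted pad-length byte.
func stripPadding(payload []byte, padding bool) ([]byte, error) {
	if !padding {
		return payload, nil
	}
	payloadLen := len(payload)
	if payloadLen == 0 {
		return nil, errInvalidPadding
	}
	padLen := int(payload[payloadLen-1])
	if padLen == 0 || padLen > payloadLen {
		return nil, errInvalidPadding
	}
	return payload[:payloadLen-padLen], nil
}

// parseRTP is a minimal RTP v2 parser: fixed 12-byte header plus CSRC list,
// no header-extension handling. Enough to reach the padding path.
func parseRTP(pkt []byte) (payload []byte, padding bool, err error) {
	if len(pkt) < 12 {
		return nil, false, errors.New("rtp: packet too short")
	}
	if pkt[0]>>6 != 2 {
		return nil, false, errors.New("rtp: unsupported version")
	}
	padding = pkt[0]&0x20 != 0
	hdrLen := 12 + 4*int(pkt[0]&0x0F) // 4 bytes per CSRC
	if len(pkt) < hdrLen {
		return nil, false, errors.New("rtp: truncated CSRC list")
	}
	return pkt[hdrLen:], padding, nil
}

// buildRTP builds a v2 RTP packet with the given P-bit and raw payload field
// (the caller supplies the trailing pad-length byte). Constructed test input.
func buildRTP(padding bool, payloadField []byte) []byte {
	hdr := make([]byte, 12)
	hdr[0] = 0x80 // V=2, no extension, CC=0
	if padding {
		hdr[0] |= 0x20
	}
	hdr[1] = 96                                     // dynamic payload type
	binary.BigEndian.PutUint16(hdr[2:], 1)          // sequence number
	binary.BigEndian.PutUint32(hdr[4:], 0)          // timestamp
	binary.BigEndian.PutUint32(hdr[8:], 0xdeadbeef) // SSRC
	return append(hdr, payloadField...)
}

// safeProcess returns the de-padded media bytes or an error; it never panics.
func safeProcess(pkt []byte) ([]byte, error) {
	payload, padding, err := parseRTP(pkt)
	if err != nil {
		return nil, err
	}
	return stripPadding(payload, padding)
}

// unsafePanics reports whether the hypothetical unchecked path panics on pkt.
func unsafePanics(pkt []byte) (panicked bool) {
	defer func() {
		if r := recover(); r != nil {
			panicked = true
		}
	}()
	payload, _, err := parseRTP(pkt)
	if err != nil {
		return false
	}
	_ = unsafeStripPadding(payload)
	return false
}

func main() {
	valid := buildRTP(true, []byte{1, 2, 0, 0, 3})   // 2 media bytes + 3 padding bytes
	zeroPad := buildRTP(true, []byte{1, 2, 0})       // P set, padLen == 0
	overflow := buildRTP(true, []byte{1, 2, 200})    // P set, padLen > payload
	for _, pkt := range [][]byte{valid, zeroPad, overflow} {
		media, err := safeProcess(pkt)
		fmt.Printf("safe: media=%v err=%v | unchecked panics=%v\n", media, err, unsafePanics(pkt))
	}
}
```

The `overflow` packet is the interesting one: the checked path returns `errInvalidPadding`, while the unchecked reslice computes a negative upper bound and panics, which is the SFU crash the advisory describes. Dropping the packet (or the whole sender, if this repeats) is the right mitigation; never let a per-packet parse error take down the process.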