Description
PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a cascading out-of-bounds heap read in pjsip_multipart_parse(). After boundary string matching, curptr is advanced past the delimiter without verifying it has not reached the buffer end. This allows 1-2 bytes of adjacent heap memory to be read. All applications that process incoming SIP messages with multipart bodies or SDP content are potentially affected. This issue is resolved in version 2.17.
Published: 2026-03-20
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Potential data exposure through out-of-bounds memory read.
Action: Apply Patch
AI Analysis

Impact

PJSIP, a multimedia communication library, contains an out-of-bounds heap read in its multipart parsing routine (pjsip_multipart_parse). When a SIP message containing a multipart body is processed, the routine advances a pointer past the boundary delimiter without checking that the move stays within the buffer. This allows the reading of one or two bytes from adjacent heap memory. If malicious content is supplied, an attacker could potentially obtain sensitive information that resides next to the buffer, leading to a partial disclosure of data that could aid in further exploitation.

Affected Systems

This issue affects the pjsip project (pjproject) versions 2.16 and earlier. Any application that uses PJSIP and processes incoming SIP messages with multipart bodies or includes SDP content is at risk. Specific vendors are not listed beyond the pjsip project itself.

Risk and Exploitability

The vulnerability has a CVSS score of 6.9, indicating a moderate severity. The EPSS score is below 1 %, and the vulnerability is not listed in the CISA KEV catalog, suggesting a low likelihood of widespread exploitation. Attackers would need to send crafted SIP messages containing multipart or SDP content to trigger the out-of-bounds read, which is feasible over the network. Once triggered, the read could leak a small amount of adjacent heap data; however, due to the limited size of the data read, exploitation potential is limited without additional vulnerabilities.

Generated by OpenCVE AI on March 23, 2026 at 16:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the PJSIP library to version 2.17 or later in all applications that rely on it.
  • Rebuild or redeploy affected applications to link against the updated library.
  • If an immediate upgrade is not possible, restrict inbound SIP traffic to trusted sources and consider disabling multipart handling if the application supports it.
  • Verify the patch by performing a test that sends a multipart SIP message and ensuring no out-of-bounds read occurs.
  • Monitor network traffic for anomalous SIP messages and keep the library up to date with any new advisories.

Generated by OpenCVE AI on March 23, 2026 at 16:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 23 Mar 2026 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Pjsip pjsip
CPEs cpe:2.3:a:pjsip:pjsip:*:*:*:*:*:*:*:*
Vendors & Products Pjsip pjsip
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Fri, 20 Mar 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Pjsip
Pjsip pjproject
Vendors & Products Pjsip
Pjsip pjproject

Fri, 20 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 20 Mar 2026 08:30:00 +0000

Type Values Removed Values Added
Description PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a cascading out-of-bounds heap read in pjsip_multipart_parse(). After boundary string matching, curptr is advanced past the delimiter without verifying it has not reached the buffer end. This allows 1-2 bytes of adjacent heap memory to be read. All applications that process incoming SIP messages with multipart bodies or SDP content are potentially affected. This issue is resolved in version 2.17.
Title PJSIP has an Out-of-bounds Read in SIP multipart parsing
Weaknesses CWE-125
References
Metrics cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Pjsip Pjproject Pjsip
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-20T15:34:38.179Z

Reserved: 2026-03-17T19:27:06.343Z

Link: CVE-2026-33069

cve-icon Vulnrichment

Updated: 2026-03-20T15:34:33.579Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-20T09:16:15.183

Modified: 2026-03-23T15:32:13.853

Link: CVE-2026-33069

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:29:52Z

Weaknesses