Description
PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a stack buffer overflow exists in pjsip_auth_create_digest2() in PJSIP when using pre-computed digest credentials (PJSIP_CRED_DATA_DIGEST). The function copies credential data using cred_info->data.slen as the length without an upper-bound check, which can overflow the fixed-size ha1 stack buffer (128 bytes) if data.slen exceeds the expected digest string length.
Published: 2026-04-21
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Memory corruption that can lead to remote code execution
Action: Patch
AI Analysis

Impact

A stack buffer overflow exists in the function pjsip_auth_create_digest2() in PJSIP. The function copies credential data using data.slen as the length without an upper-bound check, which allows an attacker to overflow the fixed-size ha1 stack buffer (128 bytes) when data.slen exceeds the expected digest string length. This type of vulnerability (CWE-121) can corrupt the call stack, potentially leading to a crash or arbitrary code execution if the overwritten memory contains code or control data.

Affected Systems

The affected product is PJProject, the open‑source multimedia communication library maintained by PJSIP. Versions 2.16 and earlier are vulnerable when the application uses pre‑computed digest credentials (PJSIP_CRED_DATA_DIGEST). Any deployment that compiles with these legacy versions and processes authentication requests from untrusted sources is at risk. The vulnerability is specific to the credential handling logic in pjsip_auth_create_digest2().

Risk and Exploitability

The CVSS score of 8.1 indicates high severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. The most probable exploitation scenario involves an attacker sending crafted authentication data to a service that uses the vulnerable library; the missing upper-bound check on data.slen can cause a stack buffer overflow that may allow remote code execution or local privilege escalation. The attack vector is inferred to be network-based, given that authentication exchanges occur over the network. Organizations using the affected library should prioritize remediation.

Generated by OpenCVE AI on April 22, 2026 at 05:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade PJProject to version 2.17 or later, where the buffer overflow bug is fixed.
  • Recompile the application with the updated library and redeploy to ensure the fix takes effect.
  • If an upgrade is not immediately possible, validate credential lengths before copying data or avoid using pre‑computed digest credentials in untrusted contexts.

Generated by OpenCVE AI on April 22, 2026 at 05:24 UTC.
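
The length validation named in the last recommended action, as an added example that is not PJSIP's code or the upstream fix. The type counted_str, the functions copy_digest_checked() and try_len(), and the 32-character MD5 hex length are assumptions made for illustration; only the 128-byte ha1 buffer size comes from the description.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HA1_BUF_LEN 128 /* ha1 stack buffer size stated in the description */
#define MD5_HEX_LEN 32  /* assumption: the pre-computed digest is an MD5 hex string */

/* Hypothetical counted string, standing in for cred_info->data (ptr + slen). */
typedef struct { const char *ptr; ptrdiff_t slen; } counted_str;

/* The flawed pattern the description reports is an unchecked copy of the form
 *     memcpy(ha1, data->ptr, data->slen);
 * This version validates first. Returns 0 on success, -1 when rejected. */
int copy_digest_checked(char *ha1, size_t ha1_size,
                        const counted_str *data, size_t expected_len)
{
    size_t i;

    if (!ha1 || !data || !data->ptr)
        return -1;
    if (data->slen < 0 || (size_t)data->slen != expected_len)
        return -1;                 /* wrong length, including oversized input */
    if (expected_len >= ha1_size)
        return -1;                 /* no room for the digest plus a terminator */
    for (i = 0; i < expected_len; i++)
        if (!isxdigit((unsigned char)data->ptr[i]))
            return -1;             /* a hex digest contains only hex digits */

    memcpy(ha1, data->ptr, expected_len);
    ha1[expected_len] = '\0';
    return 0;
}

/* Constructed input: `len` copies of `fill`, checked against a 128-byte buffer. */
int try_len(size_t len, char fill)
{
    char ha1[HA1_BUF_LEN];
    char input[512];
    counted_str data = { input, (ptrdiff_t)len };

    memset(input, fill, sizeof input);
    return copy_digest_checked(ha1, sizeof ha1, &data, MD5_HEX_LEN);
}

int main(void)
{
    printf("len 32: %d, len 300: %d\n", try_len(32, 'a'), try_len(300, 'a'));
    return 0;
}
```

Rejecting any length other than the expected one, rather than only lengths above the buffer size, also catches truncated or padded credentials before they reach the digest computation.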

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 04:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Pjsip, Pjsip pjproject
Vendors & Products | | Pjsip, Pjsip pjproject

Wed, 22 Apr 2026 00:00:00 +0000

Type | Values Removed | Values Added
Description | | PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a stack buffer overflow exists in pjsip_auth_create_digest2() in PJSIP when using pre-computed digest credentials (PJSIP_CRED_DATA_DIGEST). The function copies credential data using cred_info->data.slen as the length without an upper-bound check, which can overflow the fixed-size ha1 stack buffer (128 bytes) if data.slen exceeds the expected digest string length.
Title | | PJSIP: Stack buffer overflow in pjsip_auth_create_digest2()
Weaknesses | | CWE-121
References | |
Metrics | | cvssV4_0: {'score': 8.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U'}; ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-21T20:27:29.133Z

Reserved: 2026-04-15T16:37:22.766Z

Link: CVE-2026-40892

Vulnrichment

Updated: 2026-04-21T20:27:25.592Z

NVD

Status: Awaiting Analysis

Published: 2026-04-21T21:16:44.153

Modified: 2026-04-22T21:24:26.997

Link: CVE-2026-40892

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T05:30:09Z
