CVE-2026-40892
CRITICALPJSIP: Stack buffer overflow in pjsip_auth_create_digest2()
Title source: cnaDescription
PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a stack buffer overflow exists in pjsip_auth_create_digest2() in PJSIP when using pre-computed digest credentials (PJSIP_CRED_DATA_DIGEST). The function copies credential data using cred_info->data.slen as the length without an upper-bound check, which can overflow the fixed-size ha1 stack buffer (128 bytes) if data.slen exceeds the expected digest string length.
Scores
CVSS v3
9.8
EPSS
0.0005
EPSS Percentile
14.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-121
Status
published
Products (2)
pjsip/pjproject
<= 2.16
pjsip/pjsip
< 2.17
Published
Apr 21, 2026
Tracked Since
Apr 22, 2026