CVE-2026-40892
PJSIP: Stack buffer overflow in pjsip_auth_create_digest2()
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a stack buffer overflow exists in pjsip_auth_create_digest2() in PJSIP when using pre-computed digest credentials (PJSIP_CRED_DATA_DIGEST). The function copies credential data using cred_info->data.slen as the length without an upper-bound check, which can overflow the fixed-size ha1 stack buffer (128 bytes) if data.slen exceeds the expected digest string length.
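
The length validation that the description says is missing, written as an added example (not PJSIP's own code or its fix). The `counted_str` type, the function names and the 32-character MD5 hex digest length are assumptions for illustration; the 128-byte buffer size is taken from the description above.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HA1_BUF_SIZE 128   /* ha1 stack buffer size stated in the advisory */
#define MD5_HEX_LEN  32    /* assumption: credential is an MD5 hex digest */

/* Hypothetical stand-in for a counted string (pointer plus slen). */
typedef struct { const char *ptr; long slen; } counted_str;

/* Copy a pre-computed digest into dst only when its length is exactly the
 * expected digest length, fits the buffer with a terminator, and is hex.
 * Returns 0 on success, -1 when the credential is rejected. */
int copy_digest_checked(char *dst, size_t dst_size,
                        const counted_str *data, size_t expected_len)
{
    if (!dst || !data || !data->ptr || data->slen < 0)
        return -1;
    if ((size_t)data->slen != expected_len || expected_len >= dst_size)
        return -1;             /* the upper-bound check the advisory says is missing */
    for (size_t i = 0; i < expected_len; i++)
        if (!isxdigit((unsigned char)data->ptr[i]))
            return -1;
    memcpy(dst, data->ptr, expected_len);
    dst[expected_len] = '\0';
    return 0;
}

/* Build a constructed credential of `len` hex characters and run the check. */
int check_sample(size_t len)
{
    char src[512];
    char ha1[HA1_BUF_SIZE];
    counted_str data;

    if (len >= sizeof(src))
        return -1;
    memset(src, 'a', len);
    data.ptr = src;
    data.slen = (long)len;
    return copy_digest_checked(ha1, sizeof(ha1), &data, MD5_HEX_LEN);
}

int main(void)
{
    printf("32 bytes: %d, 200 bytes: %d\n", check_sample(32), check_sample(200));
    return 0;
}
```
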
| CWE | CWE-121 |
| Vendor | pjsip |
| Product | pjproject |
| Published | Apr 21, 2026 |
| Last Updated | Apr 21, 2026 |
Affected Versions
pjsip / pjproject
<= 2.16