CVE-2026-40892

Published 21/04/2026 21:16 · Modified 22/04/2026 21:24

Labels: CVE-2026-40892, 2026-04-21, CWE-121, [email protected]

Essential information

Published: 21/04/2026 21:16
Modified: 22/04/2026 21:24
CVSS: 8.1 HIGH (v3), 8.1 HIGH (v4.0)
CISA KEV: No

Description

PJSIP is a free and open source multimedia communication library written in C. In versions 2.16 and earlier, a stack buffer overflow exists in pjsip_auth_create_digest2() when pre-computed digest credentials (PJSIP_CRED_DATA_DIGEST) are used. The function copies the credential data using cred_info->data.slen as the length, with no upper-bound check, so the fixed-size ha1 stack buffer (128 bytes) can be overflowed if data.slen exceeds the expected digest string length.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]

Affected products (CPE)

Product          CPE
pjsip / pjsip    cpe:2.3:a:pjsip:pjsip:2.16:*:*:*:*:*:*:*
pjsip / pjsip    cpe:2.3:a:pjsip:pjsip:<2.16:*:*:*:*:*:*
