CVE-2026-32945Heap-based Buffer Overflow in Pjproject

CWE-122Heap-based Buffer Overflow3 documents3 sources
Severity
8.4HIGHNVD
EPSS
0.1%
top 78.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Pjsip PjprojectPjsip
Timeline
PublishedMar 20

Description

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a Heap-based Buffer Overflowvulnerability in the DNS parser's name length handler. Thisimpacts applications using PJSIP's built-in DNS resolver, such as those configured with pjsua_config.nameserver or UaConfig.nameserver in PJSUA/PJSUA2. It does not affect users who rely on the OS resolver (e.g., getaddrinfo()) by not configuring a nameserver, or those using an external resolver via pjsip

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

NVDpjsip/pjsip< 2.17
CVEListV5pjsip/pjproject< 2.17

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

1
OSV
CVE-2026-32945: PJSIP is a free and open source multimedia communication library written in C2026-03-20

🕵️Threat Intelligence

1
Wiz
CVE-2026-32945 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-32945 — Heap-based Buffer Overflow | cvebase