Buffer overflow in Pjsip Pjproject
CVE-2026-40892
PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a stack buffer overflow exists in pjsip_auth_create_digest2() in PJSIP when using pre-computed digest credentials (PJSIP_CRED_DATA_DIGEST)…
Vulnerability class: Buffer Overflow
EPSS: 0.001 (21.4th percentile)
Affected products
- Pjsip Pjproject — versions <= 2.16
Weakness classification (CWE)
References
- https://github.com/pjsip/pjproject/security/advisories/GHSA-2wcg-w3c4-48r7 (x_refsource_CONFIRM)
- https://github.com/pjsip/pjproject/commit/c82123ea6f3c3652bbc9ebd5e9e658c301451687 (x_refsource_MISC)