CVE-2026-29068

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, there is a stack buffer overflow vulnerability when pjmedia-codec parses an RTP payload contain more frames than the caller-provided frames can hold. This issue has been patched in version 2.17.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/pjsip/pjproject/commit/6c9024511bf5307ff72efde1f90c9a2a226d8967	Patch
https://github.com/pjsip/pjproject/security/advisories/GHSA-pqww-jrxr-457f	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:pjsip:pjsip:*:*:*:*:*:*:*:*

History

10 Mar 2026, 19:11

Type	Values Removed	Values Added
References	~~() https://github.com/pjsip/pjproject/commit/6c9024511bf5307ff72efde1f90c9a2a226d8967 -~~	() https://github.com/pjsip/pjproject/commit/6c9024511bf5307ff72efde1f90c9a2a226d8967 - Patch
References	~~() https://github.com/pjsip/pjproject/security/advisories/GHSA-pqww-jrxr-457f -~~	() https://github.com/pjsip/pjproject/security/advisories/GHSA-pqww-jrxr-457f - Patch, Vendor Advisory
First Time		Pjsip Pjsip pjsip
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
Summary		(es) PJSIP es una librería de comunicación multimedia de código abierto y gratuita escrita en C. Antes de la versión 2.17, existe una vulnerabilidad de desbordamiento de búfer de pila cuando pjmedia-codec analiza una carga útil RTP que contiene más tramas de las que pueden contener las tramas proporcionadas por el llamador. Este problema ha sido parcheado en la versión 2.17.
CPE		cpe:2.3:a:pjsip:pjsip::::::::

06 Mar 2026, 07:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-06 07:16

Updated : 2026-03-10 19:11

NVD link : CVE-2026-29068

Mitre link : CVE-2026-29068

CVE.ORG link : CVE-2026-29068

JSON object : View

Products Affected

pjsip

pjsip

CWE

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2026-29068", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-06T07:16:02.607", "references": [{"url": "https://github.com/pjsip/pjproject/commit/6c9024511bf5307ff72efde1f90c9a2a226d8967", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-pqww-jrxr-457f", "tags": ["Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, there is a stack buffer overflow vulnerability when pjmedia-codec parses an RTP payload contain more frames than the caller-provided frames can hold. This issue has been patched in version 2.17."}, {"lang": "es", "value": "PJSIP es una librer\u00eda de comunicaci\u00f3n multimedia de c\u00f3digo abierto y gratuita escrita en C. Antes de la versi\u00f3n 2.17, existe una vulnerabilidad de desbordamiento de b\u00fafer de pila cuando pjmedia-codec analiza una carga \u00fatil RTP que contiene m\u00e1s tramas de las que pueden contener las tramas proporcionadas por el llamador. Este problema ha sido parcheado en la versi\u00f3n 2.17."}], "lastModified": "2026-03-10T19:11:53.763", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pjsip:pjsip:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "117AFEC4-36E1-424F-B2A3-6EC94FBBDF38", "versionEndExcluding": "2.17"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}