CVE-2026-33069

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a cascading out-of-bounds heap read in pjsip_multipart_parse(). After boundary string matching, curptr is advanced past the delimiter without verifying it has not reached the buffer end. This allows 1-2 bytes of adjacent heap memory to be read. All applications that process incoming SIP messages with multipart bodies or SDP content are potentially affected. This issue is resolved in version 2.17.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/pjsip/pjproject/commit/f0fa32a226df5f87a9903093e5d145ebb69734db	Patch
https://github.com/pjsip/pjproject/security/advisories/GHSA-x5pq-qrp4-fmrj	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:pjsip:pjsip:*:*:*:*:*:*:*:*

History

23 Mar 2026, 15:32

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
First Time		Pjsip Pjsip pjsip
References	~~() https://github.com/pjsip/pjproject/commit/f0fa32a226df5f87a9903093e5d145ebb69734db -~~	() https://github.com/pjsip/pjproject/commit/f0fa32a226df5f87a9903093e5d145ebb69734db - Patch
References	~~() https://github.com/pjsip/pjproject/security/advisories/GHSA-x5pq-qrp4-fmrj -~~	() https://github.com/pjsip/pjproject/security/advisories/GHSA-x5pq-qrp4-fmrj - Patch, Vendor Advisory
CPE		cpe:2.3:a:pjsip:pjsip::::::::
Summary		(es) PJSIP es una biblioteca de comunicación multimedia de código abierto y gratuita escrita en C. Las versiones 2.16 e inferiores tienen una lectura de montículo fuera de límites en cascada en pjsip_multipart_parse(). Después de la coincidencia de la cadena de límite, curptr se avanza más allá del delimitador sin verificar que no ha alcanzado el final del búfer. Esto permite que se lean 1-2 bytes de memoria de montículo adyacente. Todas las aplicaciones que procesan mensajes SIP entrantes con cuerpos multipart o contenido SDP están potencialmente afectadas. Este problema se resuelve en la versión 2.17.

20 Mar 2026, 09:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-20 09:16

Updated : 2026-03-23 15:32

NVD link : CVE-2026-33069

Mitre link : CVE-2026-33069

CVE.ORG link : CVE-2026-33069

JSON object : View

Products Affected

pjsip

pjsip

CWE

CWE-125

Out-of-bounds Read

7.5 /10