{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25994", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-09T17:41:55.858Z", "datePublished": "2026-02-11T20:56:47.340Z", "dateUpdated": "2026-02-12T21:20:58.443Z"}, "containers": {"cna": {"title": "PJSIP has a heap buffer overflow in ICE with long username", "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "lang": "en", "description": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U", "version": "4.0"}}], "references": [{"name": "https://github.com/pjsip/pjproject/security/advisories/GHSA-j29p-pvh2-pvqp", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-j29p-pvh2-pvqp"}, {"name": "https://github.com/pjsip/pjproject/commit/063b3a155f163cc5a9a1df2c56b6720fd3a0dbb0", "tags": ["x_refsource_MISC"], "url": "https://github.com/pjsip/pjproject/commit/063b3a155f163cc5a9a1df2c56b6720fd3a0dbb0"}], "affected": [{"vendor": "pjsip", "product": "pjproject", "versions": [{"version": "<= 2.16", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-11T20:56:47.340Z"}, "descriptions": [{"lang": "en", "value": "PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a buffer overflow vulnerability exists in PJNATH ICE Session when processing credentials with excessively long usernames."}], "source": {"advisory": "GHSA-j29p-pvh2-pvqp", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-12T21:20:50.808444Z", "id": "CVE-2026-25994", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-12T21:20:58.443Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "PJSIP has a heap buffer overflow in ICE with long username", "source": {"advisory": "GHSA-j29p-pvh2-pvqp", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "pjsip", "product": "pjproject", "versions": [{"status": "affected", "version": "<= 2.16"}]}], "references": [{"url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-j29p-pvh2-pvqp", "name": "https://github.com/pjsip/pjproject/security/advisories/GHSA-j29p-pvh2-pvqp", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/pjsip/pjproject/commit/063b3a155f163cc5a9a1df2c56b6720fd3a0dbb0", "name": "https://github.com/pjsip/pjproject/commit/063b3a155f163cc5a9a1df2c56b6720fd3a0dbb0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a buffer overflow vulnerability exists in PJNATH ICE Session when processing credentials with excessively long usernames."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-11T20:56:47.340Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25994", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-12T21:20:50.808444Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-02-12T21:20:54.996Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-25994", "state": "PUBLISHED", "dateUpdated": "2026-02-11T20:56:47.340Z", "dateReserved": "2026-02-09T17:41:55.858Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-11T20:56:47.340Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pjsip:pjsip:*:*:*:*:*:*:*:*", "matchCriteriaId": "3290D5C6-704B-4F73-A5DB-2DB205F3CDBE", "versionEndIncluding": "2.16", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a buffer overflow vulnerability exists in PJNATH ICE Session when processing credentials with excessively long usernames."}], "id": "CVE-2026-25994", "lastModified": "2026-02-19T19:23:29.843", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-11T21:16:20.813", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/pjsip/pjproject/commit/063b3a155f163cc5a9a1df2c56b6720fd3a0dbb0"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-j29p-pvh2-pvqp"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "<= 2.16"}}], "product": "pjproject", "vendor": "pjsip"}], "analysis": {"en": {"generated_at": "2026-04-17T20:12:02.489732+00:00", "value": {"mitigation_remediation": ["Upgrade pjproject to the latest version (2.17 or newer) which contains the buffer overflow fix.", "If an immediate upgrade is not possible, temporarily disable ICE handling or reject credential processing until the patch can be applied.", "Recompile the library with security hardening options such as stack protection, address space layout randomization, and enable bounds checking where available."], "summary": {"action": "Apply Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The issue affects the PJSIP (PJProject) library, versions 2.16 and earlier. Any application that incorporates PJProject and uses ICE to process authentication credentials is at risk. Typical deployments include VoIP servers, SIP proxy or media transport services that rely on the open-source library.", "description_and_impact": "The vulnerability is a heap buffer overflow in the PJNATH ICE Session of the PJSIP library. When the library processes credentials that contain an excessively long username, a memory overwrite occurs. If exploited, this could allow a malicious actor to inject code or corrupt data, potentially leading to arbitrary code execution or service disruption. The flaw directly compromises the integrity of the process handling the credentials and, if successful, may also expose sensitive information.", "risk_and_exploitability": "The CVSS score is 8.1, indicating high severity. The EPSS score is less than 1%, showing a low probability of exploitation in the wild at present. The vulnerability is not listed in CISA\u2019s KEV catalog. Based on how the bug is triggered\u2014a crafted long username in an ICE credential\u2014the likely attack vector is remote, where an attacker sends a specially crafted SIP packet or credential to a vulnerable service."}}}}, "created": "2026-02-12T09:03:16.558673+00:00", "updated": "2026-04-17T20:15:27.004923+00:00", "vendors": ["pjsip", "pjsip$PRODUCT$pjproject"]}