{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28799", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-03T14:25:19.245Z", "datePublished": "2026-03-06T06:36:55.109Z", "dateUpdated": "2026-03-09T19:50:33.494Z"}, "containers": {"cna": {"title": "PJSIP: Heap use-after-free in PJSIP presence subscription termination handler", "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "lang": "en", "description": "CWE-416: Use After Free", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/pjsip/pjproject/security/advisories/GHSA-8fj4-fv9f-hjpc", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-8fj4-fv9f-hjpc"}, {"name": "https://github.com/pjsip/pjproject/commit/e06ff6c64741cc1675fd3296615910f532f6b1a1", "tags": ["x_refsource_MISC"], "url": "https://github.com/pjsip/pjproject/commit/e06ff6c64741cc1675fd3296615910f532f6b1a1"}], "affected": [{"vendor": "pjsip", "product": "pjproject", "versions": [{"version": "< 2.17", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-06T06:36:55.109Z"}, "descriptions": [{"lang": "en", "value": "PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap use-after-free vulnerability exists in PJSIP's event subscription framework (evsub.c) that is triggered during presence unsubscription (SUBSCRIBE with Expires=0). This issue has been patched in version 2.17."}], "source": {"advisory": "GHSA-8fj4-fv9f-hjpc", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-09T19:50:23.183687Z", "id": "CVE-2026-28799", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T19:50:33.494Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28799", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-09T19:50:23.183687Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T19:50:28.703Z"}}], "cna": {"title": "PJSIP: Heap use-after-free in PJSIP presence subscription termination handler", "source": {"advisory": "GHSA-8fj4-fv9f-hjpc", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "pjsip", "product": "pjproject", "versions": [{"status": "affected", "version": "< 2.17"}]}], "references": [{"url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-8fj4-fv9f-hjpc", "name": "https://github.com/pjsip/pjproject/security/advisories/GHSA-8fj4-fv9f-hjpc", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/pjsip/pjproject/commit/e06ff6c64741cc1675fd3296615910f532f6b1a1", "name": "https://github.com/pjsip/pjproject/commit/e06ff6c64741cc1675fd3296615910f532f6b1a1", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap use-after-free vulnerability exists in PJSIP's event subscription framework (evsub.c) that is triggered during presence unsubscription (SUBSCRIBE with Expires=0). This issue has been patched in version 2.17."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416: Use After Free"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-06T06:36:55.109Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28799", "state": "PUBLISHED", "dateUpdated": "2026-03-09T19:50:33.494Z", "dateReserved": "2026-03-03T14:25:19.245Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-06T06:36:55.109Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pjsip:pjsip:*:*:*:*:*:*:*:*", "matchCriteriaId": "117AFEC4-36E1-424F-B2A3-6EC94FBBDF38", "versionEndExcluding": "2.17", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap use-after-free vulnerability exists in PJSIP's event subscription framework (evsub.c) that is triggered during presence unsubscription (SUBSCRIBE with Expires=0). This issue has been patched in version 2.17."}, {"lang": "es", "value": "PJSIP es una librer\u00eda de comunicaci\u00f3n multimedia gratuita y de c\u00f3digo abierto escrita en C. Antes de la versi\u00f3n 2.17, existe una vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n de heap en el framework de suscripci\u00f3n de eventos de PJSIP (evsub.c) que se activa durante la anulaci\u00f3n de suscripci\u00f3n de presencia (SUBSCRIBE con Expires=0). Este problema ha sido parcheado en la versi\u00f3n 2.17."}], "id": "CVE-2026-28799", "lastModified": "2026-03-10T19:44:11.920", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-06T07:16:00.527", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/pjsip/pjproject/commit/e06ff6c64741cc1675fd3296615910f532f6b1a1"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-8fj4-fv9f-hjpc"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "PJSIP: PJSIP: Denial of Service via heap use-after-free in event subscription", "id": "2445116", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445116"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-825", "details": ["A flaw was found in PJSIP. A remote attacker can exploit a heap use-after-free vulnerability within the event subscription framework by sending a specially crafted message during presence unsubscription. This can lead to a denial of service, making the affected system unavailable."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-28799", "public_date": "2026-03-06T06:36:55Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-28799\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-28799\nhttps://github.com/pjsip/pjproject/commit/e06ff6c64741cc1675fd3296615910f532f6b1a1\nhttps://github.com/pjsip/pjproject/security/advisories/GHSA-8fj4-fv9f-hjpc"], "statement": "IMPORTANT: A heap use-after-free vulnerability in PJSIP's event subscription framework allows a remote attacker to cause a denial of service. This flaw is triggered by sending a specially crafted message during presence unsubscription, leading to system unavailability. Red Hat products utilizing PJSIP for presence functionality may be affected.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2.17)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "pjproject", "source": "cna", "vendor": "pjsip"}, "product": "pjproject", "vendor": "pjsip"}], "analysis": {"en": {"generated_at": "2026-04-16T11:31:57.273245+00:00", "value": {"mitigation_remediation": ["Upgrade the PJProject library to version 2.17 or later to apply the official patch for the event subscription flaw.", "If an immediate upgrade is not possible, disable or remove the presence subscription feature from the application to eliminate the entry point for the use\u2011after\u2011free.", "Continuously monitor network traffic for unexpected SUBSCRIBE packets with Expires=0 and block or log them as potential exploitation attempts."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected product is PJSIP from the pjproject vendor. All releases prior to version 2.17 are vulnerable; version 2.17 and later contain the patch that protects against the heap use\u2011after\u2011free during presence subscription termination.", "description_and_impact": "A heap use\u2011after\u2011free flaw in PJSIP\u2019s event subscription framework allows an attacker to trigger arbitrary code execution by sending a presence unsubscription request (SUBSCRIBE with Expires=0). The vulnerability resides in evsub.c and is catalogued as CWE\u2011416 and CWE\u2011825. Because memory is freed and then accessed, an attacker who can craft the unsubscription packet could manipulate program flow or crash the process, leading to potential denial of service or execution of malicious code on the host.", "risk_and_exploitability": "The CVSS score of 8.7 classifies this flaw as high severity. The EPSS score of less than 1% indicates a very low current exploit probability, and the vulnerability is not listed in the CISA KEV catalog. Nevertheless, if the affected library is exposed to network traffic or local users with sufficient privileges, the attack vector is likely remote or local depending on the deployment context. The low EPSS score should not diminish the urgency of remediation because the potential impact is severe."}}}}, "created": "2026-03-09T10:08:28.314791+00:00", "updated": "2026-04-16T11:45:26.259255+00:00", "vendors": ["pjsip", "pjsip$PRODUCT$pjproject"]}