Description

PJSIP is a free and open source multimedia communication library written in C. In versions 2.16 and earlier, a stack buffer overflow exists in pjsip_auth_create_digest2() when pre-computed digest credentials (PJSIP_CRED_DATA_DIGEST) are used. The function copies the credential data using cred_info->data.slen as the length, with no upper-bound check. If data.slen exceeds the expected digest string length, the copy can overflow the fixed-size ha1 stack buffer (128 bytes).
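A bounded version of the copy described above, as an added example that is not PJSIP's code or its actual fix. The type counted_str, both function names, and the 32-character expected length (an MD5 hex digest) are assumptions for illustration.

```c
#include <stddef.h>
#include <string.h>

#define HA1_BUF_LEN 128  /* size of the ha1 stack buffer, per the description */

/* Hypothetical stand-in for a counted, non-NUL-terminated string. */
typedef struct { const char *ptr; long slen; } counted_str;

/* Copy a pre-computed digest into dst only when its length is exactly the
 * digest length expected for the algorithm in use and fits the destination.
 * Returns 0 on success, -1 on rejection; dst is untouched on rejection. */
static int copy_precomputed_digest(char *dst, size_t dst_len,
                                   const counted_str *data,
                                   size_t expected_len)
{
    if (data == NULL || data->ptr == NULL || data->slen < 0)
        return -1;                       /* malformed credential */
    if (expected_len > dst_len)
        return -1;                       /* digest cannot fit the buffer */
    if ((size_t)data->slen != expected_len)
        return -1;                       /* too short or too long: reject */
    memcpy(dst, data->ptr, expected_len);
    return 0;
}

/* Hypothetical caller mirroring the situation in the description:
 * a fixed-size stack buffer receiving caller-supplied credential data. */
int check_digest_credential(const char *digest, long slen, size_t expected_len)
{
    char ha1[HA1_BUF_LEN];
    counted_str data = { digest, slen };
    /* Unsafe pattern from the description (length taken from the input):
     *     memcpy(ha1, data.ptr, data.slen);                              */
    return copy_precomputed_digest(ha1, sizeof ha1, &data, expected_len);
}

int main(void)
{
    /* Constructed sample inputs, not real credentials. */
    const char *ok = "0123456789abcdef0123456789abcdef";  /* 32 hex chars */
    char oversized[200];
    memset(oversized, 'a', sizeof oversized);

    int accepted = check_digest_credential(ok, 32, 32);          /* 0  */
    int rejected = check_digest_credential(oversized, 200, 32);  /* -1 */
    return (accepted == 0 && rejected == -1) ? 0 : 1;
}
```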

INFO

Published Date: 2026-04-21T19:55:26.876Z

Last Modified: 2026-04-21T20:27:29.133Z

Source: GitHub_M

AFFECTED PRODUCTS

The following products are affected by the CVE-2026-40892 vulnerability.

Vendor: Pjsip
Products:
  • Pjproject
  • Pjsip