CVE-2026-25994

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-25994

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25994.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-25994

Aliases

GHSA-j29p-pvh2-pvqp

Downstream

UBUNTU-CVE-2026-25994

USN-8122-1

Published

2026-02-11T20:56:47.340Z

Modified

2026-04-02T13:18:54.239516Z

Severity

8.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U CVSS Calculator

Summary

PJSIP has a heap buffer overflow in ICE with long username

Details

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a buffer overflow vulnerability exists in PJNATH ICE Session when processing credentials with excessively long usernames.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25994.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-120"
    ]
}

References

Affected packages

Git / github.com/pjsip/pjproject

Affected ranges

Type: GIT
Repo: https://github.com/pjsip/pjproject
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

063b3a155f163cc5a9a1df2c56b6720fd3a0dbb0

Affected versions

0.*

0.3-pre

0.5.0-before-conf

0.5.0.1

0.5.10

0.5.10.1

0.5.10.2

0.5.10.3

0.5.10.4

0.5.2

0.5.3

0.5.4

0.5.5.1

0.5.6

0.5.6.1

0.5.7

0.5.8

0.5.9

0.7.0

0.7.0-rc1

0.8.0

0.9.0

1.*

1.0

1.0-rc1

1.0-rc2

1.0-rc3

1.0-rc4

1.0.1

1.0.2

1.0.3

1.1

1.10

1.12

1.14

1.14.2

1.16

1.2

1.3

1.4

1.4.5

1.5

1.5.5

1.6

1.7

1.8

1.8.10

1.8.5

2.*

2.0

2.0-alpha

2.0-alpha2

2.0-beta

2.0-rc

2.0.1

2.1

2.10

2.11

2.11.1

2.12

2.12.1

2.13

2.13.1

2.14

2.14.1

2.15

2.15.1

2.16

2.2

2.2.1

2.3

2.4

2.4.5

2.5

2.5.1

2.5.5

2.6

2.7

2.7.1

2.7.2

2.8

2.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25994.json"

vanir_signatures

[
    {
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "function_hash": "330511024184510519339281544453153049606",
            "length": 1413.0
        },
        "source": "https://github.com/pjsip/pjproject/commit/063b3a155f163cc5a9a1df2c56b6720fd3a0dbb0",
        "id": "CVE-2026-25994-6b37ed84",
        "target": {
            "file": "pjnath/src/pjnath/ice_session.c",
            "function": "pj_ice_sess_create_check_list"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "293532994452693411088968490911701882292",
                "208609953946531989005871956697892823297",
                "175731945472584001358641113581309243409",
                "318557259801844700363321757796719854397",
                "298927417505901589194577919812119803202",
                "237448646092079163430573155578999194662",
                "168458120258307680881271966288486114793"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/pjsip/pjproject/commit/063b3a155f163cc5a9a1df2c56b6720fd3a0dbb0",
        "id": "CVE-2026-25994-ac0df524",
        "target": {
            "file": "pjnath/src/pjnath/ice_session.c"
        }
    }
]