CVE-2026-28799

Source
https://cve.org/CVERecord?id=CVE-2026-28799
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-28799.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-28799
Aliases
  • GHSA-8fj4-fv9f-hjpc
Downstream
Published
2026-03-06T06:36:55.109Z
Modified
2026-04-12T20:28:22.550179Z
Severity
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Summary
PJSIP: Heap use-after-free in PJSIP presence subscription termination handler
Details

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap use-after-free vulnerability exists in PJSIP's event subscription framework (evsub.c) that is triggered during presence unsubscription (SUBSCRIBE with Expires=0). This issue has been patched in version 2.17.

Database specific
{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/28xxx/CVE-2026-28799.json",
    "cwe_ids": [
        "CWE-416"
    ]
}
References

Affected packages

Git / github.com/pjsip/pjproject

Affected ranges

Type
GIT
Repo
https://github.com/pjsip/pjproject
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

2.*
2.10
2.11
2.12
2.13
2.14
2.15
2.16

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-28799.json"
vanir_signatures
[
    {
        "digest": {
            "length": 1079.0,
            "function_hash": "113085548421252105477993818535355588220"
        },
        "id": "CVE-2026-28799-159797fa",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/pjsip/pjproject/commit/e06ff6c64741cc1675fd3296615910f532f6b1a1",
        "target": {
            "function": "set_state",
            "file": "pjsip/src/pjsip-simple/evsub.c"
        }
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "id": "CVE-2026-28799-49830bcd",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/pjsip/pjproject/commit/e06ff6c64741cc1675fd3296615910f532f6b1a1",
        "target": {
            "file": "pjsip/src/pjsip-simple/evsub.c"
        }
    },
    {
        "digest": {
            "length": 4085.0,
            "function_hash": "215812815267268690703619589016323548845"
        },
        "id": "CVE-2026-28799-620038ec",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/pjsip/pjproject/commit/e06ff6c64741cc1675fd3296615910f532f6b1a1",
        "target": {
            "function": "on_tsx_state_uas",
            "file": "pjsip/src/pjsip-simple/evsub.c"
        }
    }
]
vanir_signatures_modified
"2026-04-12T20:28:22Z"
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "2.17"
            }
        ]
    }
]