CVE-2026-32942
- Source
- https://cve.org/CVERecord?id=CVE-2026-32942
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32942.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-32942
- Aliases
-
- GHSA-g88q-c2hm-q7p7
- Downstream
- Published
- 2026-03-20T03:43:37.112Z
- Modified
- 2026-04-12T20:14:07.810556Z
- Severity
-
- 8.0 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U CVSS Calculator
- Summary
- PJSIP has ICE session use-after-free race conditions
- Details
-
PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a heap use-after-free vulnerability in the ICE session that occurs when there are race conditions between session destruction and the callbacks. This issue has been fixed in version 2.17.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32942.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-416" ] }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32942.json
- https://github.com/pjsip/pjproject/security/advisories/GHSA-g88q-c2hm-q7p7
- https://nvd.nist.gov/vuln/detail/CVE-2026-32942
- https://github.com/pjsip/pjproject/issues/1451
- https://github.com/pjsip/pjproject/commit/c9caceddabda7f18337b2a82d25d65f6224b450a
Affected packages
Git / github.com/pjsip/pjproject
Affected ranges
- Type
- GIT
- Repo
- https://github.com/pjsip/pjproject
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
vanir_signatures
[
{
"digest": {
"function_hash": "296514060446502758595467709181786564369",
"length": 2659.0
},
"id": "CVE-2026-32942-32df1b44",
"signature_type": "Function",
"source": "https://github.com/pjsip/pjproject/commit/c9caceddabda7f18337b2a82d25d65f6224b450a",
"deprecated": false,
"target": {
"function": "pj_ice_sess_on_rx_pkt",
"file": "pjnath/src/pjnath/ice_session.c"
},
"signature_version": "v1"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"58899124184680440093406709697781225185",
"32609678313659452470089361524374167716",
"242839389570005040418632099149788447580",
"269248817349571747784645015298137589841",
"57377002617240061647952702063801099686",
"221251662232581027362163640725797558093",
"240264059872952741428803259352630634264",
"147673264322234774989299081066606070894",
"209794440962273896190487937812135873431",
"69098652646400185957232482278660567366",
"50415004485954827778866602291815869331",
"9997984114432737798625091210455704784",
"193354373762130370756176220494030408951",
"314149326416665943997582301875586050254",
"155174500522599857759780782297959221522",
"325148471560625001092765025937550140996",
"130986046111488472014327397698098213848"
]
},
"id": "CVE-2026-32942-85ad76dc",
"signature_type": "Line",
"source": "https://github.com/pjsip/pjproject/commit/c9caceddabda7f18337b2a82d25d65f6224b450a",
"deprecated": false,
"target": {
"file": "pjnath/src/pjnath/ice_session.c"
},
"signature_version": "v1"
},
{
"digest": {
"function_hash": "326661568323945126796080779906543593660",
"length": 948.0
},
"id": "CVE-2026-32942-9f18bd49",
"signature_type": "Function",
"source": "https://github.com/pjsip/pjproject/commit/c9caceddabda7f18337b2a82d25d65f6224b450a",
"deprecated": false,
"target": {
"function": "pj_ice_sess_send_data",
"file": "pjnath/src/pjnath/ice_session.c"
},
"signature_version": "v1"
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32942.json"
vanir_signatures_modified
"2026-04-12T20:14:07Z"