Primary

Context

PJSIP PJNATH Buffer Overflow Vulnerability in ICE Session Credential Processing

Vulnerability

Patched

A buffer overflow vulnerability has been identified in the PJSIP library, specifically within the PJNATH component's ICE session handling. This issue arises in versions 2.16 and earlier when the library processes credentials containing excessively long usernames. The vulnerability could lead to memory corruption or control flow hijacking, allowing for potentially arbitrary code execution. Applications utilizing ICE may experience unexpected termination or exploitation of this vulnerability.

Impact

The vulnerability could be exploited to cause a buffer overflow, leading to memory corruption or control flow hijacking. This could allow an attacker to execute arbitrary code under the application's privileges.

Remediation

Users can upgrade to PJSIP version 2.17, where this vulnerability has been patched.

Added: Feb 11, 2026, 9:21 PM

Updated: Feb 11, 2026, 9:21 PM

Vulnerability Rating

Custom Algorithm

spread

9.8

impact

10.0

exploitability

7.5

remediation

7.7

relevance

3.0

threat

3.2

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.8

impact

10.0

exploitability

7.5

remediation

7.7

relevance

3.0

threat

3.2

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PJSIP PJNATH Buffer Overflow Vulnerability in ICE Session Credential Processing

Vulnerability

Impact

Remediation

Affected Products

PJSIP PJNATH

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating