PJSIP Heap Use-After-Free Vulnerability in ICE Session

Vulnerability

A heap use-after-free vulnerability has been identified in PJSIP versions 2.16 and below. This vulnerability occurs in the Interactive Connectivity Establishment (ICE) session, where race conditions between session destruction and callbacks can be exploited. As a result, any application using PJSIP's ICE functionality may be affected.
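
One way to close a destroy-versus-callback race of the kind described above is to reference-count the session, so that a queued callback keeps the memory alive and checks a destroyed flag before touching it. This is an added example, not PJSIP's code or its 2.17 fix; the session type and all function names are hypothetical, and the dangerous ordering is replayed on a single thread.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical session object; every name here is illustrative, not PJSIP's API.
 * Single-threaded model: real code must update refs/destroyed under a lock. */
typedef struct session {
    int refs;        /* the owner and each pending callback hold one reference */
    int destroyed;   /* set by session_destroy(); callbacks check it first */
    int checks_done; /* stand-in for state a callback would modify */
} session;

static int live_sessions; /* counts allocations not yet freed */

int live_count(void) { return live_sessions; }

session *session_create(void) {
    session *s = calloc(1, sizeof *s);
    if (s) { s->refs = 1; live_sessions++; }
    return s;
}

static void session_unref(session *s) {
    if (--s->refs == 0) { live_sessions--; free(s); } /* last holder frees */
}

/* Queuing a callback takes a reference, so destroy cannot free under it. */
session *session_schedule_cb(session *s) { s->refs++; return s; }

/* Destroy marks the session dead and drops only the owner's reference. */
void session_destroy(session *s) { s->destroyed = 1; session_unref(s); }

/* Callback: returns 1 if it did work, 0 if the session was already destroyed. */
int session_run_cb(session *s) {
    int ran = 0;
    if (!s->destroyed) { s->checks_done++; ran = 1; }
    session_unref(s); /* release the reference taken when queued */
    return ran;
}

int main(void) {
    session *s = session_create();
    if (!s) return 1;
    session *pending = session_schedule_cb(s);
    session_destroy(s); /* dangerous ordering: destroy before the callback fires */
    printf("live after destroy: %d\n", live_count());
    printf("callback ran: %d\n", session_run_cb(pending));
    printf("live after callback: %d\n", live_count());
    return 0;
}
```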

Impact

Exploitation of this vulnerability can lead to a heap use-after-free condition, potentially allowing for arbitrary code execution.

Remediation

Users can upgrade to PJSIP version 2.17 to address this vulnerability.

Added: Mar 20, 2026, 4:20 AM
Updated: Mar 20, 2026, 4:20 AM

Vulnerability Rating

Custom Algorithm

spread: 9.8
impact: 2.5
exploitability: 6.9
remediation: 7.7
relevance: 4.6
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.