PJSIP Heap-Based Buffer Overflow Vulnerability in DNS Parser

Vulnerability

A heap-based buffer overflow vulnerability has been identified in PJSIP versions 2.16 and below. The issue arises in the DNS parser's name length handler, affecting applications that use PJSIP's built-in DNS resolver. This vulnerability does not impact users who rely on the operating system's resolver or those using an external resolver implementation.

Impact

Exploitation of this vulnerability leads to a heap-based buffer overflow, which can commonly result in arbitrary code execution or memory corruption.

Remediation

Users can upgrade to PJSIP version 2.17, where this vulnerability is patched. For those unable to upgrade, DNS resolution can be disabled in the PJSIP configuration by setting the nameserver_count to zero, or an external resolver implementation can be used instead.

Added: Mar 20, 2026, 4:20 AM
Updated: Mar 20, 2026, 4:20 AM

Vulnerability Rating

Custom Algorithm
spread
9.8
impact
7.5
exploitability
8.8
remediation
8.3
relevance
2.7
threat
3.2
urgency
2.9
incentive
8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.