Pjsip
CVE-2026-28799
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionGitHub Advisory
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap use-after-free vulnerability exists in PJSIP's event subscription framework (evsub.c) that is triggered during presence unsubscription (SUBSCRIBE with Expires=0). This issue has been patched in version 2.17.
AnalysisAI
PJSIP versions prior to 2.17 contain a heap use-after-free vulnerability in the event subscription framework that can be triggered through presence unsubscription requests, allowing remote attackers without authentication to cause denial of service. The vulnerability resides in the evsub.c component and is exploitable over the network with no user interaction required. A patch is available in version 2.17 and later.
Technical ContextAI
Classified as CWE-416 (Use After Free). Affects Pjsip. PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap use-after-free vulnerability exists in PJSIP's event subscription framework (evsub.c) that is triggered during presence unsubscription (SUBSCRIBE with Expires=0). This issue has been patched in version 2.17.
RemediationAI
A vendor patch is available — apply it immediately. Fixed in version 2.17.. Restrict network access to the affected service where possible.
PJSIP is a free and open source multimedia communication library. Rated critical severity (CVSS 9.1), this vulnerability
PJSIP is a free and open source multimedia communication library written in C language implementing standard based proto
An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Rated critical severity (CVSS 9
Buffer overflow in PJSIP multimedia library version 2.16 and earlier in PJNATH ICE implementation. Patch available. Affe
Heap overflow in PJSIP 2.16 and earlier DNS parser allows unauthenticated remote attackers to achieve code execution wit
PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, a
PJSIP is a free and open source multimedia communication library written in C language implementing standard based proto
PJSIP is a free and open source multimedia communication library written in C language implementing standard based proto
PJSIP is a free and open source multimedia communication library written in C. Rated critical severity (CVSS 9.8), this
PJSIP is a free and open source multimedia communication library written in C language implementing standard based proto
PJSIP is a free and open source multimedia communication library written in C. Rated critical severity (CVSS 9.8), this
PJSIP is a free and open source multimedia communication library written in C language. Rated critical severity (CVSS 9.
Same weakness CWE-416 – Use After Free
View allSame technique Use After Free
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today