CVE-2026-33069 in pjprojectالمعلومات

الملخص

بحسب MITRE • 20/03/2026

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a cascading out-of-bounds heap read in pjsip_multipart_parse(). After boundary string matching, curptr is advanced past the delimiter without verifying it has not reached the buffer end. This allows 1-2 bytes of adjacent heap memory to be read. All applications that process incoming SIP messages with multipart bodies or SDP content are potentially affected. This issue is resolved in version 2.17.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

GitHub M

حجز

17/03/2026

إفشاء

20/03/2026

الاعتدال

تمت الموافقة

إدخال

VDB-352030

CPE

جاهز

CWE

CWE-125 (مؤكد)

CVSS

7.5 (NVD)

EPSS

0.00049

KEV

لا

النشاطات

منخفض جدًا

القطاع

Education, Government, ...

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-33069
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-33069
CVE Details	https://www.cvedetails.com/cve/CVE-2026-33069/

التالي ▸نظرة عامة ◂ السابق

Want to stay up to date on a daily basis?

Enable the mail alert feature now!