PT-2026-26552 · Pjsip · Pjsip

Sauwming · Published 2026-03-20 · Updated 2026-03-24 · CVE-2026-32945

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
PJSIP versions 2.16 and below

Description
PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a Heap-based Buffer Overflow in the DNS parser's name length handler. This impacts applications using PJSIP's built-in DNS resolver, such as those configured with pjsua_config.nameserver or UaConfig.nameserver in PJSUA/PJSUA2. Users who rely on the operating system resolver (e.g., getaddrinfo()) by not configuring a nameserver, or those using an external resolver via pjsip_resolver_set_ext_resolver(), are not affected.

Recommendations
Versions 2.16 and below: Upgrade to version 2.17 or disable DNS resolution in the PJSIP configuration by setting nameserver_count to zero, or use an external resolver implementation.
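
The bug class named in the description, as an added illustration: this is not PJSIP's code and does not reproduce the actual flaw or its fix. It is a generic DNS name decoder that checks every length octet against both the received packet and the destination buffer before copying. The function name, the sample bytes and the pointer-jump cap are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DNS_MAX_NAME  255  /* RFC 1035: encoded name, incl. final zero octet */
#define DNS_MAX_JUMPS 16   /* assumed cap on compression pointers followed */

/* Constructed sample: "a.bc" at offset 0, pointer to 0 at offset 6,
 * self-referencing pointer at 8, label claiming 9 bytes (2 present) at 10. */
static const uint8_t SAMPLE[] = { 1,'a', 2,'b','c', 0, 0xC0,0x00,
                                  0xC0,0x08, 9,'x','y' };

/* Decode the name at pkt[off] into out as "a.b.c" (NUL-terminated).
 * Returns the string length, or -1 if the packet is malformed or the name
 * does not fit in out_cap bytes; on failure the contents of out are
 * unspecified. Never reads past pkt_len or writes past out_cap. */
int dns_name_decode(const uint8_t *pkt, size_t pkt_len, size_t off,
                    char *out, size_t out_cap)
{
    size_t used = 0, wire = 0;   /* bytes written / encoded octets consumed */
    int jumps = 0;

    if (out_cap == 0) return -1;
    for (;;) {
        if (off >= pkt_len) return -1;              /* length octet in packet? */
        size_t len = pkt[off];
        if ((len & 0xC0) == 0xC0) {                 /* compression pointer */
            if (off + 1 >= pkt_len || ++jumps > DNS_MAX_JUMPS) return -1;
            off = ((len & 0x3F) << 8) | pkt[off + 1];
            continue;                               /* target re-checked above */
        }
        if (len & 0xC0) return -1;                  /* reserved label types */
        if (len == 0) break;                        /* root label: done */
        wire += len + 1;
        if (wire > DNS_MAX_NAME - 1) return -1;     /* leave room for root */
        if (len > pkt_len - off - 1) return -1;     /* label inside packet? */
        size_t need = (used ? 1 : 0) + len + 1;     /* dot + label + NUL */
        if (need > out_cap - used) return -1;       /* fits destination? */
        if (used) out[used++] = '.';
        memcpy(out + used, pkt + off + 1, len);
        used += len;
        off += len + 1;
    }
    out[used] = '\0';
    return (int)used;
}
```
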

Exploit

Fix

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2026-32945
GHSA-JR2P-P2W4-RR9Q

Affected Products

Pjsip