PT-2026-34170 · Debian+2 · Asterisk+2

Published 2026-04-21 · Updated 2026-05-31 · CVE-2026-40892

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: PJSIP versions 2.16 and earlier

Description: A stack buffer overflow occurs in the pjsip_auth_create_digest2() function when using pre-computed digest credentials (PJSIP_CRED_DATA_DIGEST). The function copies credential data using the cred_info->data.slen length without performing an upper-bound check, which can overflow the fixed-size ha1 stack buffer of 128 bytes if data.slen exceeds the expected digest string length.

Recommendations: Update to a version later than 2.16. As a temporary workaround, restrict the use of the pjsip_auth_create_digest2() function when handling pre-computed digest credentials.
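
The missing check described above, as an added example that is not PJSIP's code or its patch: a length-validated copy of a pre-computed digest into a 128-byte buffer. The lp_str type, the function names and the sample inputs are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

#define HA1_BUF_SIZE 128  /* size of the ha1 stack buffer given in the advisory */

/* Hypothetical pointer+length string with a signed length; a stand-in for
 * illustration, not the PJSIP type. */
typedef struct { const char *ptr; ptrdiff_t slen; } lp_str;

enum { HA1_OK = 0, HA1_BAD_ARG = -1, HA1_BAD_LEN = -2 };

/* Copy a pre-computed digest into ha1 only after validating its length.
 * expected_len is the hex-string length of the digest in use
 * (32 for MD5, 64 for SHA-256). */
int copy_precomputed_ha1(char ha1[HA1_BUF_SIZE], const lp_str *data,
                         size_t expected_len)
{
    if (ha1 == NULL || data == NULL || data->ptr == NULL)
        return HA1_BAD_ARG;
    /* Leave room for the terminating NUL. */
    if (expected_len == 0 || expected_len >= HA1_BUF_SIZE)
        return HA1_BAD_ARG;
    /* Reject negative lengths before any cast to an unsigned type, then
     * require an exact match, so the bound holds before the copy. */
    if (data->slen < 0 || (size_t)data->slen != expected_len)
        return HA1_BAD_LEN;

    memcpy(ha1, data->ptr, expected_len);
    ha1[expected_len] = '\0';
    return HA1_OK;
}

/* Constructed inputs: returns 0 when oversized and negative lengths are
 * rejected and a well-formed 32-character digest is accepted. */
int demo(void)
{
    char ha1[HA1_BUF_SIZE], big[200];
    lp_str good = { "0123456789abcdef0123456789abcdef", 32 };
    lp_str over = { big, (ptrdiff_t)sizeof(big) };
    lp_str neg  = { big, -1 };

    memset(big, 'a', sizeof(big));
    if (copy_precomputed_ha1(ha1, &over, 32) != HA1_BAD_LEN) return 1;
    if (copy_precomputed_ha1(ha1, &neg, 32) != HA1_BAD_LEN) return 2;
    if (copy_precomputed_ha1(ha1, &good, 32) != HA1_OK) return 3;
    return strcmp(ha1, good.ptr) == 0 ? 0 : 4;
}

int main(void) { return demo(); }
```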

Fix

Stack Overflow

Weakness Enumeration

Related Identifiers

CVE-2026-40892

Affected Products

Asterisk
Pjproject
Pjsip