#VU125901 Out-of-bounds read in pjsip - CVE-2026-33069

 


Published: April 14, 2026


Vulnerability identifier: #VU125901
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-33069
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: pjsip
Software vendor: pjsip

Description

The vulnerability allows a remote attacker to disclose adjacent heap memory.

The vulnerability exists due to an out-of-bounds read in pjsip_multipart_parse() when parsing SIP multipart bodies. A remote attacker can send a specially crafted SIP message to disclose adjacent heap memory.

Applications that process incoming SIP messages with multipart bodies or SDP content are potentially affected.


Remediation

Install the security update from the vendor's website.
