PJSIP, Heap-based Buffer Overflow, CVE-2026-32945 (Critical)

Listen to this Post

The vulnerability CVE-2026-32945 exists within the PJSIP multimedia communication library, specifically in the DNS parser component. The flaw is a heap-based buffer overflow triggered when processing a DNS response containing a maliciously crafted name length field. When PJSIP’s built-in DNS resolver parses a domain name, it reads a length byte to determine how many bytes to copy into a heap-allocated buffer. If this length value exceeds the available space in the buffer due to improper bounds checking, a heap overflow occurs. This allows an attacker to overwrite adjacent heap metadata or other critical data structures. The affected code path is activated only when applications use PJSIP’s internal DNS resolver, typically by configuring nameservers via `pjsua_config.nameserver` or UaConfig.nameserver. Applications relying on the operating system’s resolver (e.g., getaddrinfo()) or an external resolver are not impacted. The overflow can lead to arbitrary code execution, allowing an attacker to gain complete control over the affected application. This issue is fixed in PJSIP version 2.17, where the DNS parser was updated to validate length fields before memory operations.

dailycve form:

Platform: PJSIP library
Version: 2.16 below
Vulnerability : Heap-based Buffer Overflow
Severity: Critical
date: 03/20/2026

Prediction: 04/15/2026

What Undercode Say:

Check PJSIP version
pjsip --version
Identify vulnerable DNS resolver usage
grep -r "nameserver_count" /path/to/config
Manual patch verification (before upgrade)
objdump -d libpjsip.so | grep "parse_name"

Exploit:

Crafted DNS response with oversized name length triggers heap overflow during pjsip_dns_parse_name. Overwrites heap metadata to redirect execution flow to shellcode.

Protection from this CVE

Upgrade to PJSIP 2.17. If unable, disable built-in DNS resolver by setting `nameserver_count = 0` or switch to external resolver using pjsip_resolver_set_ext_resolver().

Impact:

Remote code execution via malicious DNS responses, leading to full system compromise of applications using PJSIP’s internal DNS resolver.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top