Bug 2439180 (CVE-2026-25994)
| Summary: | CVE-2026-25994 pjsip: PJSIP: heap buffer overflow in ICE with long username | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A buffer overflow flaw has been discovered in the PJSIP project. The buffer overflow vulnerability exists in PJNATH ICE Session when processing credentials with excessively long usernames. This vulnerability affects applications that use ICE. This vulnerability’s impact may range from unexpected application termination to control flow hijack/memory corruption.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2439209, 2439210, 2439211 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2026-02-11 22:01:20 UTC
|