High-Severity Buffer Overflows Disclosed in PJSIP Audio and Authentication Code
Two high-severity vulnerabilities were disclosed in PJSIP affecting version 2.16 and earlier, exposing the widely used multimedia communication library to memory corruption risks. CVE-2026-40614 is a heap buffer overflow in the Opus codec decode path, where insufficient validation of buffer sizes allows codec_decode() to copy more data than allocated after codec_parse() emits encoded frames larger than the FEC decode buffer calculation anticipates. The flaw is tied to unchecked pj_memcpy() operations and was classified as CWE-122, with high potential impact to confidentiality, integrity, and availability.
A second issue, CVE-2026-40892, is a stack buffer overflow in pjsip_auth_create_digest2() when pre-computed digest credentials are supplied through PJSIP_CRED_DATA_DIGEST. In that path, credential data is copied using cred_info->data.slen without enforcing the expected digest-length limit, allowing overflow of the fixed 128-byte ha1 stack buffer. The vulnerability was classified as CWE-121, and both CVEs were published with GitHub advisory references and fixing commits, indicating that maintainers have issued patches for affected deployments.
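The length check missing from the pre-computed digest path, as an added example (not PJSIP's code and not the project's fix). The `str_view` type, `digest_algo` enum, function names and sample inputs are hypothetical, and treating the digest as hex text is an assumption.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define HA1_BUF_LEN 128  /* size of the fixed stack buffer named in the advisory */

/* Hypothetical stand-ins for this example; these are not PJSIP's own types. */
typedef struct { const char *ptr; size_t slen; } str_view;
enum digest_algo { ALGO_MD5, ALGO_SHA256 };

/* Constructed sample inputs. */
static const char SAMPLE_MD5_HA1[] = "0123456789abcdef0123456789abcdef";
static const char OVERSIZED[200] = "aaaa"; /* only its length matters */

/* Hex-encoded digest length per algorithm: MD5 = 32, SHA-256 = 64. */
static size_t expected_hex_len(enum digest_algo a)
{
    return a == ALGO_MD5 ? 32 : a == ALGO_SHA256 ? 64 : 0;
}

/* The unchecked pattern trusts the caller-supplied length:
 *     char ha1[128];  memcpy(ha1, cred->ptr, cred->slen);
 * This version validates the length before any byte is copied.
 * Returns 0 on success, -1 when the credential is rejected. */
int load_precomputed_ha1(char *ha1, size_t cap, const str_view *cred,
                         enum digest_algo algo)
{
    size_t want = expected_hex_len(algo);
    if (!ha1 || !cred || !cred->ptr || want == 0) return -1;
    if (want + 1 > cap) return -1;          /* room for digest plus NUL */
    if (cred->slen != want) return -1;      /* exact length, not just <= cap */
    for (size_t i = 0; i < want; i++)       /* assumption: digest is hex text */
        if (!isxdigit((unsigned char)cred->ptr[i])) return -1;
    memcpy(ha1, cred->ptr, want);
    ha1[want] = '\0';
    return 0;
}

/* Models the caller: a fixed stack buffer fed by external credential data. */
int check_credential(const char *data, size_t len, enum digest_algo algo)
{
    char ha1[HA1_BUF_LEN];
    str_view cred = { data, len };
    return load_precomputed_ha1(ha1, sizeof ha1, &cred, algo);
}

int main(void)
{
    printf("valid MD5 HA1: %d\n", check_credential(SAMPLE_MD5_HA1, 32, ALGO_MD5));
    printf("200-byte data: %d\n", check_credential(OVERSIZED, sizeof OVERSIZED, ALGO_MD5));
    return 0;
}
```

Requiring the exact digest length, rather than only "fits in 128 bytes", also rejects truncated or padded credentials before they reach the hashing code.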
Timeline
Apr 21, 2026
GitHub publishes CVE-2026-40892 for PJSIP stack buffer overflow
GitHub published CVE-2026-40892 for a stack buffer overflow in PJSIP's pjsip_auth_create_digest2() function affecting version 2.16 and earlier. The flaw occurs when pre-computed digest credentials are copied into a fixed 128-byte stack buffer without an upper-bound check, and the publication included references to a fix commit and security advisory.
Apr 21, 2026
GitHub publishes CVE-2026-40614 for PJSIP heap buffer overflow
GitHub published CVE-2026-40614 for a heap buffer overflow in PJSIP's Opus codec decode path affecting version 2.16 and earlier. The advisory described insufficient buffer size validation that could allow out-of-bounds copies during audio frame decoding and referenced a fixing commit and GitHub Security Advisory.
Related Stories

Heap Buffer Overflow Flaws Disclosed in wolfSSL DTLS and Wireshark TLS Parsing
Two high-severity memory-corruption vulnerabilities were disclosed in widely used TLS-related software components. **CVE-2026-5264** affects wolfSSL and stems from DTLS 1.3 ACK message processing, where a remote attacker can send a crafted ACK packet to trigger a heap buffer overflow. The flaw is classified as `CWE-122` and is network-reachable with low attack complexity and no privileges or user interaction required, raising concern for applications that expose DTLS 1.3 services. A separate flaw, **CVE-2026-5402**, was disclosed in Wireshark’s TLS protocol dissector and affects versions `4.6.0` through `4.6.4`. The vulnerability is also a heap-based buffer overflow (`CWE-122`) and could allow denial of service and possible code execution when malicious traffic is processed, with the CVSS vector indicating high impact to confidentiality, integrity, and availability. Public references point to a wolfSSL GitHub pull request for the DTLS issue and to a GitLab issue and official Wireshark security advisory for the dissector flaw.
3 days ago
OpenSSL January Security Update Fixes CMS and PKCS#12 Stack Overflows With RCE Risk
**OpenSSL released a security update on January 27, 2026**, addressing **12 vulnerabilities** across supported branches, including **one High-severity issue with potential remote code execution (RCE)**, one Moderate, and multiple Low-severity flaws. The most serious vulnerability, **CVE-2025-15467 (High)**, is a **pre-authentication stack buffer overflow** in **CMS `AuthEnvelopedData` parsing** when using AEAD ciphers (e.g., **AES-GCM**); a crafted CMS message with an **oversized IV in ASN.1 parameters** can trigger a crash and may enable code execution in applications that parse **untrusted CMS/PKCS#7 content** (notably **S/MIME** workflows). Both sources emphasize that while **DoS is the most likely outcome in many environments**, the presence of a stack write primitive makes the issue operationally significant where untrusted CMS is processed. A second notable issue, **CVE-2025-11187 (Moderate)**, involves a **stack overflow during PKCS#12 MAC verification** (PBMAC1/PBKDF2-related validation), where attacker-controlled parameters (e.g., key length) can lead to crashes and potentially more severe impact when processing **untrusted PKCS#12 files** (e.g., certificate import/export, PKI/CA tooling). Affected versions called out include **OpenSSL 3.x** (with additional low-severity issues spanning older branches such as **1.0.2 and 1.1.1**), and patched releases include **3.6.1, 3.5.5, 3.4.4, 3.3.6, and 3.0.19** (with corresponding fixes for older maintained lines). Datadog notes **OpenSSL 3.x FIPS modules are not affected** by the highlighted CMS and PKCS#12 overflow issues, and both sources point to higher risk in services that ingest these formats from external or user-supplied inputs (e.g., S/MIME gateways, certificate management services).
1 month ago
Two High-Severity Buffer Overflow Flaws Disclosed in LinkingVision rapidvms
Two high-severity vulnerabilities, **CVE-2026-33848** and **CVE-2026-33849**, were disclosed in **LinkingVision rapidvms**, both classified as **CWE-119** improper restriction of operations within the bounds of a memory buffer. The flaws affect **rapidvms versions before `PR#96`** and carry the same **CVSS v3.1** vector, `AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H`, indicating network-reachable exploitation with low attack complexity, no required privileges, required user interaction, and potential for high impact across confidentiality, integrity, and availability. Both CVE records point to **GitHub pull request `#96`** in the `linkingvision/rapidvms` repository as the referenced fix or related remediation. Organizations running vulnerable rapidvms builds should review the changes in that pull request, identify any exposed instances, and prioritize upgrading or patching affected systems because successful exploitation could lead to severe compromise of the video management platform.
1 month ago