{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28799", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-03T14:25:19.245Z", "datePublished": "2026-03-06T06:36:55.109Z", "dateUpdated": "2026-03-09T19:50:33.494Z"}, "containers": {"cna": {"title": "PJSIP: Heap use-after-free in PJSIP presence subscription termination handler", "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "lang": "en", "description": "CWE-416: Use After Free", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/pjsip/pjproject/security/advisories/GHSA-8fj4-fv9f-hjpc", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-8fj4-fv9f-hjpc"}, {"name": "https://github.com/pjsip/pjproject/commit/e06ff6c64741cc1675fd3296615910f532f6b1a1", "tags": ["x_refsource_MISC"], "url": "https://github.com/pjsip/pjproject/commit/e06ff6c64741cc1675fd3296615910f532f6b1a1"}], "affected": [{"vendor": "pjsip", "product": "pjproject", "versions": [{"version": "< 2.17", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-06T06:36:55.109Z"}, "descriptions": [{"lang": "en", "value": "PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap use-after-free vulnerability exists in PJSIP's event subscription framework (evsub.c) that is triggered during presence unsubscription (SUBSCRIBE with Expires=0). This issue has been patched in version 2.17."}], "source": {"advisory": "GHSA-8fj4-fv9f-hjpc", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-09T19:50:23.183687Z", "id": "CVE-2026-28799", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T19:50:33.494Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28799", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-09T19:50:23.183687Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T19:50:28.703Z"}}], "cna": {"title": "PJSIP: Heap use-after-free in PJSIP presence subscription termination handler", "source": {"advisory": "GHSA-8fj4-fv9f-hjpc", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "pjsip", "product": "pjproject", "versions": [{"status": "affected", "version": "< 2.17"}]}], "references": [{"url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-8fj4-fv9f-hjpc", "name": "https://github.com/pjsip/pjproject/security/advisories/GHSA-8fj4-fv9f-hjpc", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/pjsip/pjproject/commit/e06ff6c64741cc1675fd3296615910f532f6b1a1", "name": "https://github.com/pjsip/pjproject/commit/e06ff6c64741cc1675fd3296615910f532f6b1a1", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap use-after-free vulnerability exists in PJSIP's event subscription framework (evsub.c) that is triggered during presence unsubscription (SUBSCRIBE with Expires=0). This issue has been patched in version 2.17."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416: Use After Free"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-06T06:36:55.109Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28799", "state": "PUBLISHED", "dateUpdated": "2026-03-09T19:50:33.494Z", "dateReserved": "2026-03-03T14:25:19.245Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-06T06:36:55.109Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pjsip:pjsip:*:*:*:*:*:*:*:*", "matchCriteriaId": "117AFEC4-36E1-424F-B2A3-6EC94FBBDF38", "versionEndExcluding": "2.17", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap use-after-free vulnerability exists in PJSIP's event subscription framework (evsub.c) that is triggered during presence unsubscription (SUBSCRIBE with Expires=0). This issue has been patched in version 2.17."}, {"lang": "es", "value": "PJSIP es una librer\u00eda de comunicaci\u00f3n multimedia gratuita y de c\u00f3digo abierto escrita en C. Antes de la versi\u00f3n 2.17, existe una vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n de heap en el framework de suscripci\u00f3n de eventos de PJSIP (evsub.c) que se activa durante la anulaci\u00f3n de suscripci\u00f3n de presencia (SUBSCRIBE con Expires=0). Este problema ha sido parcheado en la versi\u00f3n 2.17."}], "id": "CVE-2026-28799", "lastModified": "2026-03-10T19:44:11.920", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2026-03-06T07:16:00.527", "references": [{"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/pjsip/pjproject/commit/e06ff6c64741cc1675fd3296615910f532f6b1a1"}, {"source": "[email protected]", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-8fj4-fv9f-hjpc"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "PJSIP: PJSIP: Denial of Service via heap use-after-free in event subscription", "id": "2445116", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445116"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-825", "details": ["A flaw was found in PJSIP. A remote attacker can exploit a heap use-after-free vulnerability within the event subscription framework by sending a specially crafted message during presence unsubscription. This can lead to a denial of service, making the affected system unavailable."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-28799", "public_date": "2026-03-06T06:36:55Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-28799\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-28799\nhttps://github.com/pjsip/pjproject/commit/e06ff6c64741cc1675fd3296615910f532f6b1a1\nhttps://github.com/pjsip/pjproject/security/advisories/GHSA-8fj4-fv9f-hjpc"], "statement": "IMPORTANT: A heap use-after-free vulnerability in PJSIP's event subscription framework allows a remote attacker to cause a denial of service. This flaw is triggered by sending a specially crafted message during presence unsubscription, leading to system unavailability. Red Hat products utilizing PJSIP for presence functionality may be affected.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2.17)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "pjproject", "source": "cna", "vendor": "pjsip"}, "product": "pjproject", "vendor": "pjsip"}], "created": "2026-03-09T10:08:28.314791+00:00", "updated": "2026-03-09T10:08:28.314878+00:00", "vendors": ["pjsip", "pjsip$PRODUCT$pjproject"]}