Skip to content

Buffer overflow in ICE with long username

High
sauwming published GHSA-j29p-pvh2-pvqp Feb 11, 2026

Package

pjnath

Affected versions

2.16 or lower

Patched versions

2.17

Description

A buffer overflow vulnerability exists in PJNATH ICE Session when processing credentials with excessively long usernames.

Impact

This vulnerability affects applications that use ICE. This vulnerability’s impact may range from unexpected application termination to control flow hijack/memory corruption.

Patches

The patch is available as commit 063b3a1 in the master branch.

For more information

If you have any questions or comments about this advisory:
Email us at security@pjsip.org

Severity

High

CVE ID

CVE-2026-25994

Weaknesses

No CWEs

Credits