Vulnerability Description
Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Asterisk | Open Source | 11.0.0 |
Related Weaknesses (CWE)
References
- http://downloads.asterisk.org/pub/security/AST-2013-001.html
- https://issues.asterisk.org/jira/browse/ASTERISK-20901Vendor Advisory
- http://downloads.asterisk.org/pub/security/AST-2013-001.html
- https://issues.asterisk.org/jira/browse/ASTERISK-20901Vendor Advisory
FAQ
What is CVE-2013-2685?
CVE-2013-2685 is a vulnerability with a CVSS score of 7.5 (HIGH). Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attri...
How severe is CVE-2013-2685?
CVE-2013-2685 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-2685?
Check the references section above for vendor advisories and patch information. Affected products include: Asterisk Open Source.