CVE-2013-2685

Asterisk Open Source <11.2.2 - Buffer Overflow

Title source: llm
STIX 2.1

Description

Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
https://issues.asterisk.org/jira/browse/ASTERISK-20901

Scores

EPSS 0.0262
EPSS Percentile 83.7%

Details

CWE
CWE-119
Status published
Products (8)
asterisk/open_source 11.0.0 (5 CPE variants)
asterisk/open_source 11.0.1
asterisk/open_source 11.0.2
asterisk/open_source 11.1.0 (3 CPE variants)
asterisk/open_source 11.1.1
asterisk/open_source 11.1.2
asterisk/open_source 11.2.0 (3 CPE variants)
asterisk/open_source 11.2.1
Published Apr 01, 2013
Tracked Since Feb 18, 2026