Description
Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header.
References (2)
Core 2
Core References
Various Sources x_refsource_confirm
http://downloads.asterisk.org/pub/security/AST-2013-001.html
Vendor Advisory x_refsource_confirm
https://issues.asterisk.org/jira/browse/ASTERISK-20901
Scores
EPSS
0.0262
EPSS Percentile
83.7%
Details
CWE
CWE-119
Status
published
Products (8)
asterisk/open_source
11.0.0 (5 CPE variants)
asterisk/open_source
11.0.1
asterisk/open_source
11.0.2
asterisk/open_source
11.1.0 (3 CPE variants)
asterisk/open_source
11.1.1
asterisk/open_source
11.1.2
asterisk/open_source
11.2.0 (3 CPE variants)
asterisk/open_source
11.2.1
Published
Apr 01, 2013
Tracked Since
Feb 18, 2026