CVE-2013-2685

NONE EPSS 83.6%
Published Apr 1, 201313y ago · Modified Jun 16, 20262w ago
Find Similar
Published Apr 1, 2013 13y ago
Last Modified Jun 16, 2026 2w ago

Description

Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header.

Threat Intelligence

EPSS Exploit Probability
83.6% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer Memory Safety

Affected Products 16

VendorProductVersionRange
asteriskopen_source11.0.0any
asteriskopen_source11.0.0any
asteriskopen_source11.0.0any
asteriskopen_source11.0.0any
asteriskopen_source11.0.0any
asteriskopen_source11.0.1any
asteriskopen_source11.0.2any
asteriskopen_source11.1.0any
asteriskopen_source11.1.0any
asteriskopen_source11.1.0any
asteriskopen_source11.1.1any
asteriskopen_source11.1.2any
asteriskopen_source11.2.0any
asteriskopen_source11.2.0any
asteriskopen_source11.2.0any
asteriskopen_source11.2.1any

References 2

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.