CVE-2013-2685
NONE EPSS 83.6%
Published Apr 1, 201313y ago · Modified Jun 16, 20262w ago
Published Apr 1, 2013 13y ago
Last Modified Jun 16, 2026 2w ago
Description
Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header.
Threat Intelligence
EPSS Exploit Probability
83.6% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer Memory Safety
Affected Products 16
| Vendor | Product | Version | Range |
|---|---|---|---|
| asterisk | open_source | 11.0.0 | any |
| asterisk | open_source | 11.0.0 | any |
| asterisk | open_source | 11.0.0 | any |
| asterisk | open_source | 11.0.0 | any |
| asterisk | open_source | 11.0.0 | any |
| asterisk | open_source | 11.0.1 | any |
| asterisk | open_source | 11.0.2 | any |
| asterisk | open_source | 11.1.0 | any |
| asterisk | open_source | 11.1.0 | any |
| asterisk | open_source | 11.1.0 | any |
| asterisk | open_source | 11.1.1 | any |
| asterisk | open_source | 11.1.2 | any |
| asterisk | open_source | 11.2.0 | any |
| asterisk | open_source | 11.2.0 | any |
| asterisk | open_source | 11.2.0 | any |
| asterisk | open_source | 11.2.1 | any |
References 2
- downloads.asterisk.org http://downloads.asterisk.org/pub/security/AST-2013-001.html
- issues.asterisk.org https://issues.asterisk.org/jira/browse/ASTERISK-20901
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.