CVE-2013-2685: Improper Restriction of Operations within the Bounds of a Memory Buffer in Asterisk Open Source

Severity: 7.5 HIGH (NVD)
EPSS: 8.9% (top 7.40%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 1; Latest update May 17

Description

Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header.
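The description above names the bug class (a fixed-size stack buffer filled from an attacker-controlled SDP attribute value) but not how such a parser goes wrong or how it should be written. The following is an added illustration, constructed for this page and not taken from Asterisk's res_format_attr_h264.c: a vulnerable fmtp parser that copies the `sprop-parameter-sets` value with an unbounded `sscanf` scanset, next to a hardened version that measures the value first and rejects anything that does not fit. The buffer size `SPROP_MAX`, the function names, and the sample SDP lines (including the oversized value) are all assumptions made up for the demo.

```c
/* Illustrative H.264 fmtp parsing for the bug class behind CVE-2013-2685.
 * Constructed for this page; not the Asterisk source. Buffer size, function
 * names and sample SDP values are assumptions. */
#include <stdio.h>
#include <string.h>

#define SPROP_MAX 64          /* hypothetical fixed on-stack buffer size */
static const char SPROP_KEY[] = "sprop-parameter-sets=";

/* Vulnerable pattern: the %[...] conversion carries no field width, so a
 * value longer than SPROP_MAX-1 bytes overruns sps[] on the stack. Shown
 * for contrast; the demos below only call it with a short, benign value. */
int parse_sprop_unsafe(const char *fmtp, char *out, size_t outlen)
{
    char sps[SPROP_MAX];
    const char *p = strstr(fmtp, SPROP_KEY);
    if (!p)
        return -1;
    if (sscanf(p, "sprop-parameter-sets=%[^;\r\n]", sps) != 1) /* BUG: unbounded */
        return -1;
    snprintf(out, outlen, "%s", sps);
    return 0;
}

/* Hardened version: measure the value first, copy at most outlen-1 bytes,
 * and reject an oversized value outright instead of truncating it (a
 * truncated parameter set is still attacker-chosen and would still be used). */
int parse_sprop_safe(const char *fmtp, char *out, size_t outlen)
{
    const char *p = strstr(fmtp, SPROP_KEY);
    if (!p || outlen == 0)
        return -1;
    p += sizeof(SPROP_KEY) - 1;
    size_t len = strcspn(p, ";\r\n");   /* value ends at ';' or end of line */
    if (len == 0 || len >= outlen)
        return -1;                       /* empty or would not fit: refuse */
    memcpy(out, p, len);
    out[len] = '\0';
    return 0;
}

/* Build a constructed fmtp line whose sprop value is n bytes of 'A' and run
 * the hardened parser on it. Returns the parser's result code. */
static int parse_constructed(size_t n, char *out, size_t outlen)
{
    char value[512];
    char line[640];
    if (n >= sizeof value)
        return -2;
    memset(value, 'A', n);
    value[n] = '\0';
    snprintf(line, sizeof line,
             "a=fmtp:96 packetization-mode=1;sprop-parameter-sets=%s;"
             "profile-level-id=42e01e\r\n", value);
    return parse_sprop_safe(line, out, outlen);
}

/* Benign constructed offer: both parsers agree and the value is intact. */
int demo_benign(void)
{
    const char *offer = "a=fmtp:96 profile-level-id=42e01e;packetization-mode=1;"
                        "sprop-parameter-sets=Z0IAHpZSAUBf8uAi,aM48gA==\r\n";
    char out[SPROP_MAX], out2[SPROP_MAX];
    return parse_sprop_safe(offer, out, sizeof out) == 0
        && parse_sprop_unsafe(offer, out2, sizeof out2) == 0
        && strcmp(out, "Z0IAHpZSAUBf8uAi,aM48gA==") == 0
        && strcmp(out, out2) == 0;
}

/* Hardened parser against a value of n bytes: 0 if accepted, -1 if refused. */
int demo_oversized(size_t n)
{
    char out[SPROP_MAX];
    return parse_constructed(n, out, sizeof out);
}

int main(void)
{
    printf("benign offer parsed consistently: %d\n", demo_benign());
    printf("%d-byte value: %d\n", SPROP_MAX - 1, demo_oversized(SPROP_MAX - 1));
    printf("%d-byte value: %d\n", SPROP_MAX, demo_oversized(SPROP_MAX));
    printf("400-byte value: %d\n", demo_oversized(400));
    return 0;
}
```

The same 400-byte value that the hardened parser refuses would, in the unsafe variant, be written past the end of `sps[]`; that is the remote, unauthenticated write the CVSS vector describes, reachable from any SIP peer that can deliver an SDP offer.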

CVSS v2 vector

AV:N/AC:L/Au:N/C:P/I:P/A:P (Exploitability: 10.0 | Impact: 6.4)

Affected Packages (2 packages)

NVD: asterisk/open_source (8 versions, +7)

Vulnerability Details (1)

GHSA: GHSA-xgpw-j4x5-5gv2: Stack-based buffer overflow in res/res_format_attr_h264 (2022-05-17)

Vendor Advisories (1)

Debian: CVE-2013-2685: asterisk - Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Sourc... (2013)

Community (2)

Bugzilla: CVE-2013-2685 CVE-2013-2686 CVE-2013-2264 asterisk: various flaws [fedora-18] (2013-03-27)
Bugzilla: CVE-2013-2685 asterisk: buffer overflow via SIP SDP header (AST-2013-001) (2013-03-27)