CVE-2013-2685

Published: 01/04/2013 Updated: 02/04/2013
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x prior to 11.2.2 allows remote malicious users to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header.

Vulnerable Product

asterisk open source 11.0.0

asterisk open source 11.0.1

asterisk open source 11.0.2

asterisk open source 11.1.0

asterisk open source 11.1.1

asterisk open source 11.2.1

asterisk open source 11.1.2

asterisk open source 11.2.0

Vendor Advisories

Debian Bug report logs - #704114 asterisk: asterisk security advisories: AST-2013-001 / AST-2013-002 / AST-2013-003 Package: asterisk; Maintainer for asterisk is Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>; Source for asterisk is src:asterisk Reported by: Salvatore Bonaccorso <car ...