Stack-based Buffer Overflow in Asterisk Open Source by Digium
CVE-2013-2685

Currently unrated

Key Information:

Vendor: Asterisk

CVE Published: 1 April 2013

What is CVE-2013-2685?

CVE-2013-2685 is a stack-based buffer overflow in the way Asterisk Open Source processes H.264 media attributes. The flaw resides in the res_format_attr_h264.c file, where an overly long 'sprop-parameter-sets' value in a SIP Session Description Protocol (SDP) header can lead to remote code execution. An unauthorized user can thereby execute arbitrary code on the affected system, potentially compromising its integrity and availability.

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability Reserved

  • Vulnerability published
