Skip to main content

Open Source CVE-2013-2685

HIGH
Buffer Overflow (CWE-119)
2013-04-01 cve@mitre.org
7.5
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Apr 01, 2013 - 16:55 cve.org
HIGH 7.5

DescriptionCVE.org

Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header.

AnalysisAI

Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header. Affected products include: Asterisk Open Source. Version information: before 11.2.2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2012-2186 CRITICAL
9.0 Aug 31

Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.

CVE-2012-2415 MEDIUM
6.5 Apr 30

Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24

CVE-2012-0885 MEDIUM POC
4.3 Jan 25

chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and med

CVE-2017-9372 HIGH
7.5 Jun 02

PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13

CVE-2017-9359 HIGH
7.5 Jun 02

The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certifi

CVE-2012-2416 MEDIUM
6.5 Apr 30

chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 10.3.1 and Asterisk B

CVE-2012-2414 MEDIUM
6.5 Apr 30

main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x

CVE-2013-2686 MEDIUM
5.0 Apr 01

main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.

CVE-2013-2264 MEDIUM
5.0 Apr 01

The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certi

CVE-2012-2948 MEDIUM
4.0 Jun 02

chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk

Share

CVE-2013-2685 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy