CVE-2013-2685
Published Apr 1, 2013
Last updated 12 years ago
Overview
- Description
- Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-119
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AF0D8EF3-6BA5-4C60-8130-DF62A9592CE7"
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:beta1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1B00830D-18F2-4A68-926A-2FD397674F9D"
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:beta2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3C2E04B4-C70D-40AE-AEA5-0D39304F6C18"
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9C86349C-EBD4-4857-9B4B-7A608F32BBCE"
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7E88AC6C-50F6-486D-B0D0-97477FCD520D"
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "171B2532-F5D2-4C3C-9C23-405839F590BB"
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2E5923D0-F168-404B-9190-871D52D74DAE"
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "50617F5A-5BAE-4C4A-975A-B23E9171ABDA"
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.1.0:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BE09B558-576C-461C-8089-8EE59F168ADF"
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.1.0:rc3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "83DEBCA4-F4CC-4E78-A80F-C673105FA868"
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4A3720E8-67C2-492D-9DBA-6ED9085CB01F"
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "28E2C7E4-226C-4420-856D-E420633E301F"
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CFA3CDE0-AAE5-48A4-98C3-767CCCC3C9E2"
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.2.0:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8B73137F-79EA-48DD-B29E-41DB8C20711B"
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.2.0:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1F185B3E-9594-4AFD-B16B-6C82A03B93B9"
},
{
"criteria": "cpe:2.3:a:asterisk:open_source:11.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B3740427-BBC9-4D76-9F54-C13AF097CD05"
}
],
"operator": "OR"
}
]
}
]