CVE-2013-2685

Published Apr 1, 2013

Last updated 3 months ago

CVSS info 7.5

Overview

Description: Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF0D8EF3-6BA5-4C60-8130-DF62A9592CE7"
          },
          {
            "criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B00830D-18F2-4A68-926A-2FD397674F9D"
          },
          {
            "criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C2E04B4-C70D-40AE-AEA5-0D39304F6C18"
          },
          {
            "criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C86349C-EBD4-4857-9B4B-7A608F32BBCE"
          },
          {
            "criteria": "cpe:2.3:a:asterisk:open_source:11.0.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E88AC6C-50F6-486D-B0D0-97477FCD520D"
          },
          {
            "criteria": "cpe:2.3:a:asterisk:open_source:11.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "171B2532-F5D2-4C3C-9C23-405839F590BB"
          },
          {
            "criteria": "cpe:2.3:a:asterisk:open_source:11.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E5923D0-F168-404B-9190-871D52D74DAE"
          },
          {
            "criteria": "cpe:2.3:a:asterisk:open_source:11.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "50617F5A-5BAE-4C4A-975A-B23E9171ABDA"
          },
          {
            "criteria": "cpe:2.3:a:asterisk:open_source:11.1.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE09B558-576C-461C-8089-8EE59F168ADF"
          },
          {
            "criteria": "cpe:2.3:a:asterisk:open_source:11.1.0:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83DEBCA4-F4CC-4E78-A80F-C673105FA868"
          },
          {
            "criteria": "cpe:2.3:a:asterisk:open_source:11.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A3720E8-67C2-492D-9DBA-6ED9085CB01F"
          },
          {
            "criteria": "cpe:2.3:a:asterisk:open_source:11.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28E2C7E4-226C-4420-856D-E420633E301F"
          },
          {
            "criteria": "cpe:2.3:a:asterisk:open_source:11.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CFA3CDE0-AAE5-48A4-98C3-767CCCC3C9E2"
          },
          {
            "criteria": "cpe:2.3:a:asterisk:open_source:11.2.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B73137F-79EA-48DD-B29E-41DB8C20711B"
          },
          {
            "criteria": "cpe:2.3:a:asterisk:open_source:11.2.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F185B3E-9594-4AFD-B16B-6C82A03B93B9"
          },
          {
            "criteria": "cpe:2.3:a:asterisk:open_source:11.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3740427-BBC9-4D76-9F54-C13AF097CD05"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References