PT-2013-3871 · Digium · Asterisk
Reported by: Matt Jordan (+2)
Published: 2013-03-29 · Updated: 2013-04-02
CVE-2013-2685
CVSS v2.0: 7.5 (High)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Asterisk Open Source versions prior to 11.2.2
Description
The issue is a stack-based buffer overflow in res/res_format_attr_h264.c, the module that parses H.264 format attributes. A remote, unauthenticated attacker can trigger it by sending a SIP message whose SDP body carries an fmtp line with an overly long sprop-parameter-sets value; the value is copied into a fixed-size stack buffer without a length check, which can lead to arbitrary code execution in the Asterisk process.
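To make the defect class concrete, the following is an added example written for this page; it is not code from Asterisk's res_format_attr_h264.c. It shows the shape of the bug (an sscanf with no field widths writing a peer-controlled attribute into fixed stack buffers) next to a bounded parser that measures each value and rejects anything that would not fit. The buffer size SPROP_CAP and the sample fmtp values are assumptions constructed for the example, not taken from the advisory.

```c
#include <stdio.h>
#include <string.h>

/* Buffer size used by this example only; the advisory does not state the real
 * size used in the Asterisk module. */
#define SPROP_CAP 32

/* Constructed sample fmtp attribute (not captured traffic). The SPS/PPS values
 * are base64 strings of the kind RFC 6184 puts in sprop-parameter-sets. */
static const char BENIGN_FMTP[] =
    "profile-level-id=42e01e; packetization-mode=1; "
    "sprop-parameter-sets=Z0LgHtoCgPRA,aM48gA==";

/* Vulnerable pattern: sscanf conversions without field widths into fixed stack
 * buffers. The remote peer controls the attribute, so a value longer than
 * SPROP_CAP-1 bytes overwrites the stack. Never call this with untrusted input;
 * it exists here only to show the shape of the defect. */
int parse_sprop_unbounded(const char *fmtp)
{
    char sps[SPROP_CAP], pps[SPROP_CAP];
    const char *p = strstr(fmtp, "sprop-parameter-sets=");
    if (!p) return 0;
    return sscanf(p, "sprop-parameter-sets=%[^,],%s", sps, pps) == 2;
}

/* Hardened form: measure each value before copying and reject, rather than
 * silently truncate, anything that would not fit in the caller's buffers.
 * Returns 1 on success, 0 if the attribute is absent, malformed or oversized. */
int parse_sprop_bounded(const char *fmtp,
                        char *sps, size_t sps_cap,
                        char *pps, size_t pps_cap)
{
    static const char key[] = "sprop-parameter-sets=";
    const char *p = strstr(fmtp, key);
    if (!p) return 0;
    p += sizeof(key) - 1;

    /* The SPS ends at the ',' separating it from the PPS. */
    size_t sps_n = strcspn(p, ", ;\t\r\n");
    if (p[sps_n] != ',') return 0;
    const char *q = p + sps_n + 1;
    /* The PPS ends at the next fmtp separator or at end of string. */
    size_t pps_n = strcspn(q, "; \t\r\n");

    if (sps_n == 0 || pps_n == 0) return 0;
    if (sps_n >= sps_cap || pps_n >= pps_cap) return 0;   /* would overflow */

    memcpy(sps, p, sps_n); sps[sps_n] = '\0';
    memcpy(pps, q, pps_n); pps[pps_n] = '\0';
    return 1;
}

/* Benign value: both parsers accept it and the bounded one yields the fields. */
int demo_benign(void)
{
    char sps[SPROP_CAP], pps[SPROP_CAP];
    if (!parse_sprop_unbounded(BENIGN_FMTP)) return 0;
    if (!parse_sprop_bounded(BENIGN_FMTP, sps, sizeof sps, pps, sizeof pps)) return 0;
    return strcmp(sps, "Z0LgHtoCgPRA") == 0 && strcmp(pps, "aM48gA==") == 0;
}

/* Oversized value of the shape that triggers the overflow: a 255-byte SPS far
 * longer than the stack buffer. The bounded parser refuses it; the unbounded
 * parser would smash the stack, so it is deliberately not called. Returns the
 * rejected SPS length, or -1 if the value was wrongly accepted. */
int demo_oversized(void)
{
    char attr[512], big[256];
    char sps[SPROP_CAP], pps[SPROP_CAP];
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    snprintf(attr, sizeof attr, "sprop-parameter-sets=%s,aM48gA==", big);
    if (parse_sprop_bounded(attr, sps, sizeof sps, pps, sizeof pps)) return -1;
    return (int)strlen(big);
}

int main(void)
{
    printf("benign parse ok: %d\n", demo_benign());
    printf("oversized SPS rejected, length %d\n", demo_oversized());
    return 0;
}
```

The bounded parser rejects instead of truncating on purpose: a truncated SPS/PPS is silently wrong data handed to the codec layer, whereas a rejected offer surfaces as a failed negotiation that can be logged and alerted on.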
Recommendations
For versions prior to 11.2.2, update to 11.2.2 or later to resolve the issue. Restricting access to the source file res/res_format_attr_h264.c is not a mitigation: the overflow is triggered by a remote SDP offer, not by access to the file. Until the upgrade can be applied, reduce exposure instead: limit which hosts can reach the SIP listener, and have an SBC or SIP proxy in front of Asterisk reject offers whose sprop-parameter-sets value is abnormally long. In deployments that do not use H.264, not loading the res_format_attr_h264 module (noload in modules.conf) removes the affected parser entirely.
Fix
RCE
Buffer Overflow
Weakness Enumeration
Related identifiers
Affected products
Asterisk