Candidate: CVE-2013-2685
PublicDate: 2013-04-01 16:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2685
 https://issues.asterisk.org/jira/browse/ASTERISK-20901
 http://downloads.asterisk.org/pub/security/AST-2013-001.html
Description:
 Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open
 Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code
 via a long sprop-parameter-sets H.264 media attribute in a SIP Session
 Description Protocol (SDP) header.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Ulf Härnhammar
Assigned-to:
CVSS:

Patches_asterisk:
 upstream: http://downloads.asterisk.org/pub/security/AST-2013-001-11.diff (11)
upstream_asterisk: released (11.2.2)
hardy_asterisk: not-affected (1:1.4.17~dfsg-2ubuntu1.1)
lucid_asterisk: not-affected (1:1.6.2.5-0ubuntu1.4)
oneiric_asterisk: not-affected (1:1.8.4.4~dfsg-2ubuntu1.1)
precise_asterisk: not-affected (1:1.8.10.1~dfsg-1ubuntu1)
quantal_asterisk: not-affected (1:1.8.13.1~dfsg-1ubuntu2)
devel_asterisk: not-affected (1:1.8.13.1~dfsg-1ubuntu2)