|
|||
Rule General Information |
---|
Release Date: | 2014-03-12 | |
Rule Name: | Digium Asterisk SIP SDP Header Parsing Stack Buffer Overflow Vulnerability -1 (CVE-2013-2685) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | A buffer overflow vulnerability exists in Asterisk Open Source. The vulnerability is due to insufficient boundary checking when parsing attribute strings in SIP SDP headers and allows overflowing a stack buffer with an overly long string. | |
Impact: | Remote code execution | |
Affected OS: | Windows, Solaris, FreeBSD, Linux | |
Reference: | CVE-2013-2685 |
|
Solutions |
---|
Update vendor's patch. |