CVE-2011-0495

Digium Asterisk < c.3.6.2 - Out-of-Bounds Write

Title source: rule
STIX 2.1

Description

Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.

References (15)

Core 15
Core References
Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0159
Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43373
Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0449
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/70518
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/45839
Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0281
Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2171
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43119
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/64831
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/515781/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42935

Scores

EPSS 0.0421
EPSS Percentile 89.8%

Details

CWE
CWE-787
Status published
Products (7)
debian/debian_linux 6.0
digium/asterisk < c.3.6.2
digium/asterisk 1.2.0 - 1.2.40
digium/asterisknow 1.5
digium/s800i_firmware 1.2.0
fedoraproject/fedora 13
fedoraproject/fedora 14
Published Jan 20, 2011
Tracked Since Feb 18, 2026