Description
Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.
References (15)
Core 15
Core References
Permissions Required vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0159
Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html
Vendor Advisory x_refsource_confirm
http://downloads.asterisk.org/pub/security/AST-2011-001.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/43373
Permissions Required vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0449
Broken Link vdb-entry
x_refsource_osvdb
http://osvdb.org/70518
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/45839
Permissions Required vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0281
Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2011/dsa-2171
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/43119
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/64831
Patch, Vendor Advisory x_refsource_misc
http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/515781/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42935
Scores
EPSS
0.0421
EPSS Percentile
89.8%
Details
CWE
CWE-787
Status
published
Products (7)
debian/debian_linux
6.0
digium/asterisk
< c.3.6.2
digium/asterisk
1.2.0 - 1.2.40
digium/asterisknow
1.5
digium/s800i_firmware
1.2.0
fedoraproject/fedora
13
fedoraproject/fedora
14
Published
Jan 20, 2011
Tracked Since
Feb 18, 2026