CVE-2011-0495

EUVD-2011-0515
Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
Affected Products (NVD)
VendorProductVersion
digiumasterisk
1.2.0 ≤
𝑥
≤ 1.2.40
digiumasterisk
1.4.0 ≤
𝑥
< 1.4.38.1
digiumasterisk
1.4.39 ≤
𝑥
< 1.4.39.1
digiumasterisk
1.6.1 ≤
𝑥
< 1.6.1.21
digiumasterisk
1.6.2 ≤
𝑥
< 1.6.2.15.1
digiumasterisk
1.6.2.16 ≤
𝑥
< 1.6.2.16.1
digiumasterisk
1.8.0 ≤
𝑥
< 1.8.1.2
digiumasterisk
1.8.2 ≤
𝑥
< 1.8.2.2
digiumasterisknow
1.5
debiandebian_linux
6.0
digiums800i_firmware
1.2.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
asterisk
bullseye
1:16.28.0~dfsg-0+deb11u4
fixed
bullseye (security)
1:16.28.0~dfsg-0+deb11u5
fixed
sid
1:22.0.0~dfsg+~cs6.14.60671435-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
asterisk
dapper
ignored
hardy
ignored
karmic
ignored
lucid
Fixed 1:1.6.2.5-0ubuntu1.3
released
maverick
Fixed 1:1.6.2.7-1ubuntu1.1
released
natty
Fixed 1:1.6.2.9-2ubuntu2
released
Common Weakness Enumeration
References
http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff
http://downloads.asterisk.org/pub/security/AST-2011-001.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html
http://osvdb.org/70518
http://secunia.com/advisories/42935
http://secunia.com/advisories/43119
http://secunia.com/advisories/43373
http://www.debian.org/security/2011/dsa-2171
http://www.securityfocus.com/archive/1/515781/100/0/threaded
http://www.securityfocus.com/bid/45839
http://www.vupen.com/english/advisories/2011/0159
http://www.vupen.com/english/advisories/2011/0281
http://www.vupen.com/english/advisories/2011/0449
https://exchange.xforce.ibmcloud.com/vulnerabilities/64831
http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff
http://downloads.asterisk.org/pub/security/AST-2011-001.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html
http://osvdb.org/70518
http://secunia.com/advisories/42935
http://secunia.com/advisories/43119
http://secunia.com/advisories/43373
http://www.debian.org/security/2011/dsa-2171
http://www.securityfocus.com/archive/1/515781/100/0/threaded
http://www.securityfocus.com/bid/45839
http://www.vupen.com/english/advisories/2011/0159
http://www.vupen.com/english/advisories/2011/0281
http://www.vupen.com/english/advisories/2011/0449
https://exchange.xforce.ibmcloud.com/vulnerabilities/64831