CVE-2011-0495

Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.
Severity
UNKNOWN
AV:N/AC:M/Au:S/C:P/I:P/A:P
Atk. Vector
NETWORK
Atk. Complexity
MEDIUM
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
digiumasterisk
1.2.0 ≤
𝑥
≤ 1.2.40
digiumasterisk
1.4.0 ≤
𝑥
< 1.4.38.1
digiumasterisk
1.4.39 ≤
𝑥
< 1.4.39.1
digiumasterisk
1.6.1 ≤
𝑥
< 1.6.1.21
digiumasterisk
1.6.2 ≤
𝑥
< 1.6.2.15.1
digiumasterisk
1.6.2.16 ≤
𝑥
< 1.6.2.16.1
digiumasterisk
1.8.0 ≤
𝑥
< 1.8.1.2
digiumasterisk
1.8.2 ≤
𝑥
< 1.8.2.2
digiumasterisknow
1.5
debiandebian_linux
6.0
digiums800i_firmware
1.2.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
asterisk
bullseye (security)
1:16.28.0~dfsg-0+deb11u4
fixed
bullseye
1:16.28.0~dfsg-0+deb11u4
fixed
sid
1:20.9.3~dfsg+~cs6.14.60671435-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
asterisk
natty
Fixed 1:1.6.2.9-2ubuntu2
released
maverick
Fixed 1:1.6.2.7-1ubuntu1.1
released
lucid
Fixed 1:1.6.2.5-0ubuntu1.3
released
karmic
ignored
hardy
ignored
dapper
ignored