CVE-2011-0495

Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
VendorProductVersion
digiumasterisk
1.2.0 ≤
𝑥
≤ 1.2.40
digiumasterisk
1.4.0 ≤
𝑥
< 1.4.38.1
digiumasterisk
1.4.39 ≤
𝑥
< 1.4.39.1
digiumasterisk
1.6.1 ≤
𝑥
< 1.6.1.21
digiumasterisk
1.6.2 ≤
𝑥
< 1.6.2.15.1
digiumasterisk
1.6.2.16 ≤
𝑥
< 1.6.2.16.1
digiumasterisk
1.8.0 ≤
𝑥
< 1.8.1.2
digiumasterisk
1.8.2 ≤
𝑥
< 1.8.2.2
digiumasterisknow
1.5
debiandebian_linux
6.0
digiums800i_firmware
1.2.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
asterisk
bullseye
1:16.28.0~dfsg-0+deb11u4
fixed
bullseye (security)
1:16.28.0~dfsg-0+deb11u5
fixed
sid
1:22.0.0~dfsg+~cs6.14.60671435-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
asterisk
natty
Fixed 1:1.6.2.9-2ubuntu2
released
maverick
Fixed 1:1.6.2.7-1ubuntu1.1
released
lucid
Fixed 1:1.6.2.5-0ubuntu1.3
released
karmic
ignored
hardy
ignored
dapper
ignored
Common Weakness Enumeration
References
http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff
http://downloads.asterisk.org/pub/security/AST-2011-001.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html
http://osvdb.org/70518
http://secunia.com/advisories/42935
http://secunia.com/advisories/43119
http://secunia.com/advisories/43373
http://www.debian.org/security/2011/dsa-2171
http://www.securityfocus.com/archive/1/515781/100/0/threaded
http://www.securityfocus.com/bid/45839
http://www.vupen.com/english/advisories/2011/0159
http://www.vupen.com/english/advisories/2011/0281
http://www.vupen.com/english/advisories/2011/0449
https://exchange.xforce.ibmcloud.com/vulnerabilities/64831
http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff
http://downloads.asterisk.org/pub/security/AST-2011-001.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html
http://osvdb.org/70518
http://secunia.com/advisories/42935
http://secunia.com/advisories/43119
http://secunia.com/advisories/43373
http://www.debian.org/security/2011/dsa-2171
http://www.securityfocus.com/archive/1/515781/100/0/threaded
http://www.securityfocus.com/bid/45839
http://www.vupen.com/english/advisories/2011/0159
http://www.vupen.com/english/advisories/2011/0281
http://www.vupen.com/english/advisories/2011/0449
https://exchange.xforce.ibmcloud.com/vulnerabilities/64831