CVE-2011-0495
Last modified
CVE-2011-0495 is a vulnerability of currently unknown severity. Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.. EPSS estimates a 4.21% chance of exploitation in the next 30 days.
Description
Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Digium | Asterisk | < c.3.6.2 |
| Digium | Asterisk | >= 1.2.0, <= 1.2.40 |
| Digium | Asterisk | >= 1.4.0, < 1.4.38.1 |
| Digium | Asterisk | >= 1.4.39, < 1.4.39.1 |
| Digium | Asterisk | >= 1.6.1, < 1.6.1.21 |
| Digium | Asterisk | >= 1.6.2, < 1.6.2.15.1 |
| Digium | Asterisk | >= 1.6.2.16, < 1.6.2.16.1 |
| Digium | Asterisk | >= 1.8.0, < 1.8.1.2 |
| Digium | Asterisk | >= 1.8.2, < 1.8.2.2 |
| Digium | Asterisknow | 1.5 |
| Fedoraproject | Fedora | 13 |
| Fedoraproject | Fedora | 14 |
| Debian | Debian Linux | 6.0 |
| Digium | S800i Firmware | 1.2.0 |
References
- http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diffPatch, Vendor Advisory
- http://downloads.asterisk.org/pub/security/AST-2011-001.htmlVendor Advisory
- http://osvdb.org/70518Broken Link
- http://secunia.com/advisories/42935Third Party Advisory
- http://secunia.com/advisories/43119Third Party Advisory
- http://secunia.com/advisories/43373Third Party Advisory
- http://www.debian.org/security/2011/dsa-2171Third Party Advisory
- http://www.securityfocus.com/archive/1/515781/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/45839Third Party Advisory, VDB Entry
- http://www.vupen.com/english/advisories/2011/0159Permissions Required
- http://www.vupen.com/english/advisories/2011/0281Permissions Required
- http://www.vupen.com/english/advisories/2011/0449Permissions Required
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64831Third Party Advisory, VDB Entry
- http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diffPatch, Vendor Advisory
- http://downloads.asterisk.org/pub/security/AST-2011-001.htmlVendor Advisory
- http://osvdb.org/70518Broken Link
- http://secunia.com/advisories/42935Third Party Advisory
- http://secunia.com/advisories/43119Third Party Advisory
- http://secunia.com/advisories/43373Third Party Advisory
- http://www.debian.org/security/2011/dsa-2171Third Party Advisory
- http://www.securityfocus.com/archive/1/515781/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/45839Third Party Advisory, VDB Entry
- http://www.vupen.com/english/advisories/2011/0159Permissions Required
- http://www.vupen.com/english/advisories/2011/0281Permissions Required
- http://www.vupen.com/english/advisories/2011/0449Permissions Required
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64831Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2011-0495?
How severe is CVE-2011-0495?
How do I fix CVE-2011-0495?
Are you affected by CVE-2011-0495?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST