CVE-2011-0495
Summary
| CVE | CVE-2011-0495 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2011-01-20 19:00:00 UTC |
| Updated | 2020-07-15 13:40:00 UTC |
| Description | Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function. |
Risk And Classification
Problem Types: CWE-787
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 6.0 | All | All | All |
| Application | Digium | Asterisk | All | All | All | All |
| Application | Digium | Asterisknow | 1.5 | All | All | All |
| Hardware | Digium | S800i | - | All | All | All |
| Operating System | Digium | S800i Firmware | 1.2.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 13 | All | All | All |
| Operating System | Fedoraproject | Fedora | 14 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| AST-2011-001 | CONFIRM | downloads.asterisk.org | Vendor Advisory |
| Asterisk "ast_uri_encode()" Buffer Overflow Vulnerability - Secunia.com | SECUNIA | secunia.com | Third Party Advisory |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | Third Party Advisory, VDB Entry |
| Webmail: Professional email solution - OVHcloud - OVH | VUPEN | www.vupen.com | Permissions Required |
| Asterisk SIP Channel Driver Stack Buffer Overflow Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Fedora update for asterisk - Secunia.com | SECUNIA | secunia.com | Third Party Advisory |
| downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff | MISC | downloads.asterisk.org | Patch, Vendor Advisory |
| 70518 | OSVDB | osvdb.org | Broken Link |
| [SECURITY] Fedora 14 Update: asterisk-1.6.2.16.1-1.fc14 | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| [SECURITY] Fedora 13 Update: asterisk-1.6.2.16.1-1.fc13 | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| Debian update for asterisk - Secunia.com | SECUNIA | secunia.com | Third Party Advisory |
| Debian -- Security Information -- DSA-2171-1 asterisk | DEBIAN | www.debian.org | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.