{"api_version":"1","generated_at":"2026-04-23T12:20:18+00:00","cve":"CVE-2011-0495","urls":{"html":"https://cve.report/CVE-2011-0495","api":"https://cve.report/api/cve/CVE-2011-0495.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2011-0495","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2011-0495"},"summary":{"title":"CVE-2011-0495","description":"Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2011-01-20 19:00:00","updated_at":"2020-07-15 13:40:00"},"problem_types":["CWE-787"],"metrics":[],"references":[{"url":"http://downloads.asterisk.org/pub/security/AST-2011-001.html","name":"http://downloads.asterisk.org/pub/security/AST-2011-001.html","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"AST-2011-001","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/42935","name":"42935","refsource":"SECUNIA","tags":["Third Party Advisory"],"title":"Asterisk \"ast_uri_encode()\" Buffer Overflow Vulnerability - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/64831","name":"asterisk-asturiencode-bo(64831)","refsource":"XF","tags":["Third Party Advisory","VDB Entry"],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2011/0159","name":"ADV-2011-0159","refsource":"VUPEN","tags":["Permissions Required"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/45839","name":"45839","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Asterisk SIP Channel Driver Stack Buffer Overflow Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.securityfocus.com/archive/1/515781/100/0/threaded","name":"20110118 AST-2011-001: Stack buffer overflow in SIP channel driver","refsource":"BUGTRAQ","tags":["Third Party Advisory","VDB Entry"],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/43119","name":"43119","refsource":"SECUNIA","tags":["Third Party Advisory"],"title":"Fedora update for asterisk - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff","name":"http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff","refsource":"MISC","tags":["Patch","Vendor Advisory"],"title":"","mime":"text/x-diff","httpstatus":"200","archivestatus":"200"},{"url":"http://osvdb.org/70518","name":"70518","refsource":"OSVDB","tags":["Broken Link"],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.vupen.com/english/advisories/2011/0449","name":"ADV-2011-0449","refsource":"VUPEN","tags":["Permissions Required"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2011/0281","name":"ADV-2011-0281","refsource":"VUPEN","tags":["Permissions Required"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html","name":"FEDORA-2011-0774","refsource":"FEDORA","tags":["Third Party Advisory"],"title":"[SECURITY] Fedora 14 Update: asterisk-1.6.2.16.1-1.fc14","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html","name":"FEDORA-2011-0794","refsource":"FEDORA","tags":["Third Party Advisory"],"title":"[SECURITY] Fedora 13 Update: asterisk-1.6.2.16.1-1.fc13","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/43373","name":"43373","refsource":"SECUNIA","tags":["Third Party Advisory"],"title":"Debian update for asterisk - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2011/dsa-2171","name":"DSA-2171","refsource":"DEBIAN","tags":["Third Party Advisory"],"title":"Debian -- Security Information -- DSA-2171-1 asterisk","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2011-0495","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0495","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2011","cve_id":"495","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"495","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"495","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"digium","cpe5":"asterisk","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"495","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"digium","cpe5":"asterisk","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"business","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"495","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"digium","cpe5":"asterisk","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"495","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"digium","cpe5":"asterisk","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"business","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"495","vulnerable":"1","versionEndIncluding":"1.2.40","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"digium","cpe5":"asterisk","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"495","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"digium","cpe5":"asterisknow","cpe6":"1.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"495","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"digium","cpe5":"asterisknow","cpe6":"1.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"495","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"digium","cpe5":"s800i","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"495","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"digium","cpe5":"s800i","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"495","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"digium","cpe5":"s800i_firmware","cpe6":"1.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"495","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"digium","cpe5":"s800i_firmware","cpe6":"1.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"495","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"13","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"495","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"14","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"495","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"13","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"495","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"14","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2011-0495","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"ADV-2011-0159","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2011/0159"},{"name":"FEDORA-2011-0794","refsource":"FEDORA","url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html"},{"name":"http://downloads.asterisk.org/pub/security/AST-2011-001.html","refsource":"CONFIRM","url":"http://downloads.asterisk.org/pub/security/AST-2011-001.html"},{"name":"43373","refsource":"SECUNIA","url":"http://secunia.com/advisories/43373"},{"name":"ADV-2011-0449","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2011/0449"},{"name":"70518","refsource":"OSVDB","url":"http://osvdb.org/70518"},{"name":"45839","refsource":"BID","url":"http://www.securityfocus.com/bid/45839"},{"name":"ADV-2011-0281","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2011/0281"},{"name":"FEDORA-2011-0774","refsource":"FEDORA","url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html"},{"name":"DSA-2171","refsource":"DEBIAN","url":"http://www.debian.org/security/2011/dsa-2171"},{"name":"43119","refsource":"SECUNIA","url":"http://secunia.com/advisories/43119"},{"name":"asterisk-asturiencode-bo(64831)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/64831"},{"name":"http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff","refsource":"MISC","url":"http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff"},{"name":"20110118 AST-2011-001: Stack buffer overflow in SIP channel driver","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/515781/100/0/threaded"},{"name":"42935","refsource":"SECUNIA","url":"http://secunia.com/advisories/42935"}]}},"nvd":{"publishedDate":"2011-01-20 19:00:00","lastModifiedDate":"2020-07-15 13:40:00","problem_types":["CWE-787"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6},"severity":"MEDIUM","exploitabilityScore":6.8,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:digium:asterisknow:1.5:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*","versionStartIncluding":"1.2.0","versionEndIncluding":"1.2.40","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:digium:asterisk:*:*:*:*:business:*:*:*","versionEndExcluding":"c.3.6.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*","versionStartIncluding":"1.6.2.16","versionEndExcluding":"1.6.2.16.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*","versionStartIncluding":"1.4.39","versionEndExcluding":"1.4.39.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*","versionStartIncluding":"1.6.1","versionEndExcluding":"1.6.1.21","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*","versionStartIncluding":"1.4.0","versionEndExcluding":"1.4.38.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*","versionStartIncluding":"1.6.2","versionEndExcluding":"1.6.2.15.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*","versionStartIncluding":"1.8.2","versionEndExcluding":"1.8.2.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*","versionStartIncluding":"1.8.0","versionEndExcluding":"1.8.1.2","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:digium:s800i_firmware:1.2.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:digium:s800i:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2011","CveId":"495","Ordinal":"47546","Title":"CVE-2011-0495","CVE":"CVE-2011-0495","Year":"2011"},"notes":[{"CveYear":"2011","CveId":"495","Ordinal":"1","NoteData":"Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.","Type":"Description","Title":null},{"CveYear":"2011","CveId":"495","Ordinal":"2","NoteData":"2011-01-20","Type":"Other","Title":"Published"},{"CveYear":"2011","CveId":"495","Ordinal":"3","NoteData":"2018-10-09","Type":"Other","Title":"Modified"}]}}}