6

CVE-2011-0495

EPSS 0.57%
Published 20.01.2011 19:00:08
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.

Affected products Warnungen 0 Metrics 2 CWE 1 References 18

Data is provided by the National Vulnerability Database (NVD)

Digium ≫ Asterisk SwEditionbusiness Version < c.3.6.2

Digium ≫ Asterisk Version >= 1.2.0 <= 1.2.40

Digium ≫ Asterisk Version >= 1.4.0 < 1.4.38.1

Digium ≫ Asterisk Version >= 1.4.39 < 1.4.39.1

Digium ≫ Asterisk Version >= 1.6.1 < 1.6.1.21

Digium ≫ Asterisk Version >= 1.6.2 < 1.6.2.15.1

Digium ≫ Asterisk Version >= 1.6.2.16 < 1.6.2.16.1

Digium ≫ Asterisk Version >= 1.8.0 < 1.8.1.2

Digium ≫ Asterisk Version >= 1.8.2 < 1.8.2.2

Digium ≫ Asterisknow Version1.5

Fedoraproject ≫ Fedora Version13

Fedoraproject ≫ Fedora Version14

Debian ≫ Debian Linux Version6.0

Digium ≫ S800i Firmware Version1.2.0

Digium ≫ S800i Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.57%	0.677

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6	6.8	6.4	AV:N/AC:M/Au:S/C:P/I:P/A:P

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff

Patch

Vendor Advisory

http://downloads.asterisk.org/pub/security/AST-2011-001.html

Vendor Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html

Third Party Advisory

http://osvdb.org/70518

Broken Link

http://secunia.com/advisories/42935

Third Party Advisory

http://secunia.com/advisories/43119

Third Party Advisory

http://secunia.com/advisories/43373

Third Party Advisory

http://www.debian.org/security/2011/dsa-2171

Third Party Advisory

http://www.securityfocus.com/archive/1/515781/100/0/threaded

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/45839

Third Party Advisory

VDB Entry

http://www.vupen.com/english/advisories/2011/0159

Permissions Required

http://www.vupen.com/english/advisories/2011/0281

Permissions Required

http://www.vupen.com/english/advisories/2011/0449

Permissions Required

https://exchange.xforce.ibmcloud.com/vulnerabilities/64831

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2011-0495

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-0495

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-0495

EUVD