Detections
Analytics

CVE-2011-0495

high

Description

Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/64831

http://www.vupen.com/english/advisories/2011/0449

http://www.vupen.com/english/advisories/2011/0281

http://www.vupen.com/english/advisories/2011/0159

http://www.securityfocus.com/bid/45839

http://www.securityfocus.com/archive/1/515781/100/0/threaded

http://www.debian.org/security/2011/dsa-2171

http://secunia.com/advisories/43373

http://secunia.com/advisories/43119

http://secunia.com/advisories/42935

http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html

http://downloads.asterisk.org/pub/security/AST-2011-001.html

http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff

Details

Source: Mitre, NVD

Published: 2011-01-20

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High