cbcvebase.
CVE-2011-0495
published 2011-01-20

CVE-2011-0495: Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1…

PriorityP337medium6CVSS 2.0
AVNACMAuSCPIPAP
EPSS
4.21%
89.7th percentile
Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.

Affected

16 ranges
VendorProductVersion rangeFixed in
debianasterisk< asterisk 1:1.6.2.9-2+squeeze1 (bullseye)asterisk 1:1.6.2.9-2+squeeze1 (bullseye)
debiandebian_linux
digiumasterisk< c.3.6.2c.3.6.2
digiumasterisk>= 0 < 1:1.6.2.9-2+squeeze11:1.6.2.9-2+squeeze1
digiumasterisk1.2.0 – 1.2.40
digiumasterisk>= 1.4.0 < 1.4.38.11.4.38.1
digiumasterisk>= 1.4.39 < 1.4.39.11.4.39.1
digiumasterisk>= 1.6.1 < 1.6.1.211.6.1.21
digiumasterisk>= 1.6.2 < 1.6.2.15.11.6.2.15.1
digiumasterisk>= 1.6.2.16 < 1.6.2.16.11.6.2.16.1
digiumasterisk>= 1.8.0 < 1.8.1.21.8.1.2
digiumasterisk>= 1.8.2 < 1.8.2.21.8.2.2
digiumasterisknow
digiums800i_firmware
fedoraprojectfedora
fedoraprojectfedora

CVSS provenance

nvdv2.06.0MEDIUMAV:N/AC:M/Au:S/C:P/I:P/A:P
osv6.0MEDIUM
vendor_debian6.0MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.