CVE-2011-0495
Published 2011-01-20
CVE-2011-0495: Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1…
Priority: P3 (37) · medium · 6 (CVSS 2.0)
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
EPSS: 4.21% (89.7th percentile)
Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | asterisk | < asterisk 1:1.6.2.9-2+squeeze1 (bullseye) | asterisk 1:1.6.2.9-2+squeeze1 (bullseye) |
| debian | debian_linux | — | — |
| digium | asterisk | < c.3.6.2 | c.3.6.2 |
| digium | asterisk | >= 0 < 1:1.6.2.9-2+squeeze1 | 1:1.6.2.9-2+squeeze1 |
| digium | asterisk | 1.2.0 – 1.2.40 | — |
| digium | asterisk | >= 1.4.0 < 1.4.38.1 | 1.4.38.1 |
| digium | asterisk | >= 1.4.39 < 1.4.39.1 | 1.4.39.1 |
| digium | asterisk | >= 1.6.1 < 1.6.1.21 | 1.6.1.21 |
| digium | asterisk | >= 1.6.2 < 1.6.2.15.1 | 1.6.2.15.1 |
| digium | asterisk | >= 1.6.2.16 < 1.6.2.16.1 | 1.6.2.16.1 |
| digium | asterisk | >= 1.8.0 < 1.8.1.2 | 1.8.1.2 |
| digium | asterisk | >= 1.8.2 < 1.8.2.2 | 1.8.2.2 |
| digium | asterisknow | — | — |
| digium | s800i_firmware | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
CVSS provenance
nvd · v2.0 · 6.0 · MEDIUM · AV:N/AC:M/Au:S/C:P/I:P/A:P
osv · 6.0 · MEDIUM
vendor_debian · 6.0 · MEDIUM
GHSA
GHSA-27ph-x57w-v4gm: Stack-based buffer overflow in the ast_uri_encode function in main/utils
ghsa_unreviewed·2022-05-13
CVE-2011-0495 [MEDIUM] CWE-787 GHSA-27ph-x57w-v4gm: Stack-based buffer overflow in the ast_uri_encode function in main/utils
OSV
CVE-2011-0495: Stack-based buffer overflow in the ast_uri_encode function in main/utils
osv·2011-01-20·CVSS 6.0
CVE-2011-0495 [MEDIUM] CVE-2011-0495: Stack-based buffer overflow in the ast_uri_encode function in main/utils
Debian
CVE-2011-0495: asterisk - Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in As...
vendor_debian·2011·CVSS 6.0
CVE-2011-0495 [MEDIUM] CVE-2011-0495: asterisk - Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in As...
Scope: local
bullseye: resolved (fixed in 1:1.6.2.9-2+squeeze1)
sid: resolved (fixed in 1:1.6.2.9-2+squeeze1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-0495 Asterisk: Stack-based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information (AST-2011-001)
bugzilla·2011-01-19·CVSS 6.0
CVE-2011-0495 [MEDIUM] CVE-2011-0495 Asterisk: Stack-based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information (AST-2011-001)
A stack-based buffer overflow was found in the way Asterisk, an open source telephony toolkit, encoded text strings to their URI-encoded version when forming an outgoing SIP request. A remote, authenticated attacker could use this flaw to cause the asterisk daemon to crash (denial of service) or, potentially, execute arbitrary code with the privileges of the user running asterisk via specially-crafted caller ID information provided to Asterisk's URI encoding routine.
References:
[1] http://downloads.asterisk.org/pub/security/AST-2011-001.html
[2] http://seclists.org/fulldisclosure/2011/Jan/297
[3] http://bugs.debian.org/cgi-bin/bugreport.cgi?b
Bugzilla
CVE-2011-0495 Asterisk: Stack-based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information (AST-2011-001) [fedora-all]
bugzilla·2011-01-19·CVSS 6.0
CVE-2011-0495 [MEDIUM] CVE-2011-0495 Asterisk: Stack-based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information (AST-2011-001) [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.
http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff
http://downloads.asterisk.org/pub/security/AST-2011-001.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html
http://osvdb.org/70518
http://secunia.com/advisories/42935
http://secunia.com/advisories/43119
http://secunia.com/advisories/43373
http://www.debian.org/security/2011/dsa-2171
http://www.securityfocus.com/archive/1/515781/100/0/threaded
http://www.securityfocus.com/bid/45839
http://www.vupen.com/english/advisories/2011/0159
http://www.vupen.com/english/advisories/2011/0281
http://www.vupen.com/english/advisories/2011/0449
https://exchange.xforce.ibmcloud.com/vulnerabilities/64831
Published: 2011-01-20