CVE-2011-0495

Published: Jan 20, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.

Vendor: n/a

Product: n/a

Versions: affected n/a

References

ADV-2011-0159 (vdb-entry, x_refsource_VUPEN)
FEDORA-2011-0794 (vendor-advisory, x_refsource_FEDORA)
43373 (third-party-advisory, x_refsource_SECUNIA)
ADV-2011-0449 (vdb-entry, x_refsource_VUPEN)
70518 (vdb-entry, x_refsource_OSVDB)
45839 (vdb-entry, x_refsource_BID)
ADV-2011-0281 (vdb-entry, x_refsource_VUPEN)
FEDORA-2011-0774 (vendor-advisory, x_refsource_FEDORA)
DSA-2171 (vendor-advisory, x_refsource_DEBIAN)
43119 (third-party-advisory, x_refsource_SECUNIA)
asterisk-asturiencode-bo(64831) (vdb-entry, x_refsource_XF)
42935 (third-party-advisory, x_refsource_SECUNIA)
