CVE

Id
48407  
CVE No.
CVE-2011-0495  
Status
Candidate  
Description
Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.  
Phase
Assigned (20110119)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
525705 48407 CVE-2011-0495 BUGTRAQ:20110118 AST-2011-001: Stack buffer overflow in SIP channel driver  View
525706 48407 CVE-2011-0495 URL:http://www.securityfocus.com/archive/1/archive/1/515781/100/0/threaded  View
525707 48407 CVE-2011-0495 MISC:http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff  View
525708 48407 CVE-2011-0495 CONFIRM:http://downloads.asterisk.org/pub/security/AST-2011-001.html  View
525709 48407 CVE-2011-0495 DEBIAN:DSA-2171  View
525710 48407 CVE-2011-0495 URL:http://www.debian.org/security/2011/dsa-2171  View
525711 48407 CVE-2011-0495 FEDORA:FEDORA-2011-0794  View
525712 48407 CVE-2011-0495 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html  View
525713 48407 CVE-2011-0495 FEDORA:FEDORA-2011-0774  View
525714 48407 CVE-2011-0495 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html  View
525715 48407 CVE-2011-0495 BID:45839  View
525716 48407 CVE-2011-0495 URL:http://www.securityfocus.com/bid/45839  View
525717 48407 CVE-2011-0495 OSVDB:70518  View
525718 48407 CVE-2011-0495 URL:http://osvdb.org/70518  View
525719 48407 CVE-2011-0495 SECUNIA:43119  View
525720 48407 CVE-2011-0495 URL:http://secunia.com/advisories/43119  View
525721 48407 CVE-2011-0495 SECUNIA:42935  View
525722 48407 CVE-2011-0495 URL:http://secunia.com/advisories/42935  View
525723 48407 CVE-2011-0495 SECUNIA:43373  View
525724 48407 CVE-2011-0495 URL:http://secunia.com/advisories/43373  View
525725 48407 CVE-2011-0495 VUPEN:ADV-2011-0159  View
525726 48407 CVE-2011-0495 URL:http://www.vupen.com/english/advisories/2011/0159  View
525727 48407 CVE-2011-0495 VUPEN:ADV-2011-0281  View
525728 48407 CVE-2011-0495 URL:http://www.vupen.com/english/advisories/2011/0281  View
525729 48407 CVE-2011-0495 VUPEN:ADV-2011-0449  View
525730 48407 CVE-2011-0495 URL:http://www.vupen.com/english/advisories/2011/0449  View
525731 48407 CVE-2011-0495 XF:asterisk-asturiencode-bo(64831)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
33902 JVNDB-2011-004144 VideoSpirit Pro および VideoSpirit Lite におけるバッファオーバーフローの脆弱性 VideoSpirit Pro および VideoSpirit Lite には、バッファオーバーフローの脆弱性が存在します。 CVE-2011-0500 48407 9.3 http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-004144.html  View