VYPR
Unrated severityNVD Advisory· Published Jan 20, 2011· Updated Jun 16, 2026

CVE-2011-0495

CVE-2011-0495

Description

Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

9
  • Digium/Asterisk3 versions
    cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*range: >=1.2.0,<=1.2.40
    • cpe:2.3:a:digium:asterisk:*:*:*:*:business:*:*:*range: <c.3.6.2
    • cpe:2.3:a:digium:asterisknow:1.5:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:digium:s800i_firmware:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
    • cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*
  • Range: <C.3.6.2
  • Range: <1.4.38.1, <1.4.39.1, <1.6.1.21, <1.6.2.15.1, <1.6.2.16.1, <1.8.1.2, <1.8.2

Patches

Vulnerability mechanics

References

15

News mentions

0

No linked articles in our index yet.