CVE-2011-5096

Published: Jul 3, 2012Modified: Apr 29, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Stack-based buffer overflow in cstore.exe in the Media Application Server (MAS) in Avaya Aura Application Server 5300 (formerly Nortel Media Application Server) 1.x before 1.0.2 and 2.0 before Patch Bundle 10 allows remote attackers to execute arbitrary code via a crafted cs_anams parameter in a CONTENT_STORE_ADMIN_REQ packet.

Affected (2)

Products: Avaya: Aura Application Server 5300

1 product

Aura Application Server 5300

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Avaya Aura Application Server 5300	Version 1.0
Avaya Aura Application Server 5300	Version 2.0

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (4)

http://zerodayinitiative.com/advisories/ZDI-11-260/

Source: cve@mitre.org

https://downloads.avaya.com/css/P8/documents/100146108

Source: cve@mitre.org

Vendor Advisory

http://zerodayinitiative.com/advisories/ZDI-11-260/

Source: af854a3a-2127-422b-91ae-364da2661108

https://downloads.avaya.com/css/P8/documents/100146108

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.