CVE-2006-2898

EPSS 0.32%

asterisk - several

發布日:2006/6/7修改日:2026/4/28

也稱為:DEBIAN-CVE-2006-2898

描述

The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check. NOTE: the vendor advisory claims that only a DoS is possible, but the original researcher is reliable.

受影響套件(3)

Debian/asteriskfrom 0, < 1:1.2.10.dfsg-2
Debian/asteriskfrom 0, < 1:1.0.7.dfsg.1-2sarge3
Debian/iaxmodemfrom 0, < 0.1.8.dfsg-2

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2006-2898