CVE-2006-2923
Summary
| CVE | CVE-2006-2923 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2006-06-09 10:02:00 UTC |
| Updated | 2018-10-18 16:43:00 UTC |
| Description | The iax_net_read function in the iaxclient open source library, as used in multiple products including (a) LoudHush 1.3.6, (b) IDE FISK 1.35 and earlier, (c) Kiax 0.8.5 and earlier, (d) DIAX, (e) Ziaxphone, (f) IAX Phone, (g) X-lite, (h) MediaX, (i) Extreme Networks ePhone, and (j) iaxComm before 1.2.0, allows remote attackers to execute arbitrary code via crafted IAX 2 (IAX2) packets with truncated (1) full frames or (2) mini-frames, which are detected in a length check but still processed, leading to buffer overflows related to negative length values. |
Risk And Classification
Problem Types: CWE-119
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | Vendor Advisory |
| iaxComm | CONFIRM | iaxclient.sourceforge.net | |
| Gentoo Linux Documentation -- Kiax: Arbitrary code execution | GENTOO | www.gentoo.org | |
| 404 Not Found | CONFIRM | www.loudhush.ro | |
| Kiax iaxclient Buffer Overflow Vulnerability - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | Vendor Advisory |
| iaxComm iaxclient Buffer Overflow Vulnerability - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| IDE FISK iaxclient Buffer Overflow Vulnerability - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| SourceForge.net: Kiax - an IAX Softphone: Files | CONFIRM | sourceforge.net | |
| Secunia - Advisories - LoudHush iaxclient Buffer Overflow Vulnerability | SECUNIA | secunia.com | Patch, Vendor Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | Vendor Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | Vendor Advisory |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| Secunia - Advisories - Gentoo update for kiax | SECUNIA | secunia.com | Vendor Advisory |
| Page not found | Core Security | MISC | www.coresecurity.com | |
| IAXClient Multiple Truncated IAX Frames Remote Buffer Overflow Vulnerabilities | BID | www.securityfocus.com | Patch |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.