{"api_version":"1","generated_at":"2026-07-08T23:59:25+00:00","cve":"CVE-2006-2898","urls":{"html":"https://cve.report/CVE-2006-2898","api":"https://cve.report/api/cve/CVE-2006-2898.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-2898","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-2898"},"summary":{"title":"CVE-2006-2898","description":"The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check.  NOTE: the vendor advisory claims that only a DoS is possible, but the original researcher is reliable.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2006-06-07 10:02:00","updated_at":"2018-10-18 16:43:00"},"problem_types":["CWE-119"],"metrics":[],"references":[{"url":"http://securitytracker.com/id?1016236","name":"1016236","refsource":"SECTRACK","tags":["Patch"],"title":"SecurityTracker.com Archives - Asterisk IAX2 Channel Driver Lets Remote Users Deny Service","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/21222","name":"21222","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Security Advisory SA21222 - Debian update for asterisk - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/20899","name":"20899","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"SUSE Updates for Multiple Packages - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/436671/100/0/threaded","name":"20060609 CORE-2006-0330: Asterisk PBX truncated video frame vulnerability","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.novell.com/linux/security/advisories/2006_38_security.html","name":"SUSE-SR:2006:015","refsource":"SUSE","tags":[],"title":"Security Announcement","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://secunia.com/advisories/20658","name":"20658","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Gentoo update for asterisk - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/18295","name":"18295","refsource":"BID","tags":["Patch"],"title":"Asterisk IAX2 Remote Buffer Overflow Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.asterisk.org/node/95","name":"http://www.asterisk.org/node/95","refsource":"CONFIRM","tags":[],"title":"Asterisk 1.2.9.1 and Asterisk 1.0.11.1 Released - Security Fix | Asterisk","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.gentoo.org/security/en/glsa/glsa-200606-15.xml","name":"GLSA-200606-15","refsource":"GENTOO","tags":[],"title":"Gentoo Linux Documentation\n--\n  Asterisk: IAX2 video frame buffer overflow","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/2181","name":"ADV-2006-2181","refsource":"VUPEN","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/436127/100/0/threaded","name":"20060606 Asterisk 1.2.9 and Asterisk 1.0.11 Released - Security Fix","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2006/dsa-1126","name":"DSA-1126","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-1126-1 asterisk","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27045","name":"asterisk-iax2-videoframe-bo(27045)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/20497","name":"20497","refsource":"SECUNIA","tags":["Patch","Vendor Advisory"],"title":"Asterisk IAX2 Channel Driver Code Execution Vulnerability - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-2898","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-2898","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"2898","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"digium","cpe5":"asterisk","cpe6":"1.0.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2898","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"digium","cpe5":"asterisk","cpe6":"1.0.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2898","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"digium","cpe5":"asterisk","cpe6":"1.0.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2898","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"digium","cpe5":"asterisk","cpe6":"1.0.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2898","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"digium","cpe5":"asterisk","cpe6":"1.2.0_beta1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2898","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"digium","cpe5":"asterisk","cpe6":"1.2.0_beta2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2898","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"digium","cpe5":"asterisk","cpe6":"1.2.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2898","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"digium","cpe5":"asterisk","cpe6":"1.2.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2898","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"digium","cpe5":"asterisk","cpe6":"1.2.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2898","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"digium","cpe5":"asterisk","cpe6":"1.0.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2898","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"digium","cpe5":"asterisk","cpe6":"1.0.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2898","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"digium","cpe5":"asterisk","cpe6":"1.0.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2898","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"digium","cpe5":"asterisk","cpe6":"1.0.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2898","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"digium","cpe5":"asterisk","cpe6":"1.2.0_beta1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2898","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"digium","cpe5":"asterisk","cpe6":"1.2.0_beta2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2898","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"digium","cpe5":"asterisk","cpe6":"1.2.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2898","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"digium","cpe5":"asterisk","cpe6":"1.2.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2898","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"digium","cpe5":"asterisk","cpe6":"1.2.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-2898","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check.  NOTE: the vendor advisory claims that only a DoS is possible, but the original researcher is reliable."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"1016236","refsource":"SECTRACK","url":"http://securitytracker.com/id?1016236"},{"name":"DSA-1126","refsource":"DEBIAN","url":"http://www.debian.org/security/2006/dsa-1126"},{"name":"20899","refsource":"SECUNIA","url":"http://secunia.com/advisories/20899"},{"name":"20658","refsource":"SECUNIA","url":"http://secunia.com/advisories/20658"},{"name":"asterisk-iax2-videoframe-bo(27045)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27045"},{"name":"21222","refsource":"SECUNIA","url":"http://secunia.com/advisories/21222"},{"name":"http://www.asterisk.org/node/95","refsource":"CONFIRM","url":"http://www.asterisk.org/node/95"},{"name":"GLSA-200606-15","refsource":"GENTOO","url":"http://www.gentoo.org/security/en/glsa/glsa-200606-15.xml"},{"name":"18295","refsource":"BID","url":"http://www.securityfocus.com/bid/18295"},{"name":"20497","refsource":"SECUNIA","url":"http://secunia.com/advisories/20497"},{"name":"20060606 Asterisk 1.2.9 and Asterisk 1.0.11 Released - Security Fix","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/436127/100/0/threaded"},{"name":"ADV-2006-2181","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/2181"},{"name":"SUSE-SR:2006:015","refsource":"SUSE","url":"http://www.novell.com/linux/security/advisories/2006_38_security.html"},{"name":"20060609 CORE-2006-0330: Asterisk PBX truncated video frame vulnerability","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/436671/100/0/threaded"}]}},"nvd":{"publishedDate":"2006-06-07 10:02:00","lastModifiedDate":"2018-10-18 16:43:00","problem_types":["CWE-119"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":true,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:digium:asterisk:1.2.0_beta1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:digium:asterisk:1.0.9:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:digium:asterisk:1.0.10:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:digium:asterisk:1.2.8:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:digium:asterisk:1.2.6:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:digium:asterisk:1.0.8:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:digium:asterisk:1.2.7:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:digium:asterisk:1.2.0_beta2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:digium:asterisk:1.0.7:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"2898","Ordinal":"18218","Title":"CVE-2006-2898","CVE":"CVE-2006-2898","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"2898","Ordinal":"1","NoteData":"The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check.  NOTE: the vendor advisory claims that only a DoS is possible, but the original researcher is reliable.","Type":"Description","Title":null},{"CveYear":"2006","CveId":"2898","Ordinal":"2","NoteData":"2006-06-07","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"2898","Ordinal":"3","NoteData":"2018-10-18","Type":"Other","Title":"Modified"}]}}}