{"api_version":"1","generated_at":"2026-07-09T20:24:00+00:00","cve":"CVE-2006-2923","urls":{"html":"https://cve.report/CVE-2006-2923","api":"https://cve.report/api/cve/CVE-2006-2923.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-2923","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-2923"},"summary":{"title":"CVE-2006-2923","description":"The iax_net_read function in the iaxclient open source library, as used in multiple products including (a) LoudHush 1.3.6, (b) IDE FISK 1.35 and earlier, (c) Kiax 0.8.5 and earlier, (d) DIAX, (e) Ziaxphone, (f) IAX Phone, (g) X-lite, (h) MediaX, (i) Extreme Networks ePhone, and (j) iaxComm before 1.2.0, allows remote attackers to execute arbitrary code via crafted IAX 2 (IAX2) packets with truncated (1) full frames or (2) mini-frames, which are detected in a length check but still processed, leading to buffer overflows related to negative length values.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2006-06-09 10:02:00","updated_at":"2018-10-18 16:43:00"},"problem_types":["CWE-119"],"metrics":[],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27047","name":"iaxclient-truncated-frame-bo(27047)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/2285","name":"ADV-2006-2285","refsource":"VUPEN","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://iaxclient.sourceforge.net/iaxcomm/","name":"http://iaxclient.sourceforge.net/iaxcomm/","refsource":"CONFIRM","tags":[],"title":"iaxComm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.gentoo.org/security/en/glsa/glsa-200606-30.xml","name":"GLSA-200606-30","refsource":"GENTOO","tags":[],"title":"Gentoo Linux Documentation\n--\n  Kiax: Arbitrary code execution","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.loudhush.ro/changelog.txt","name":"http://www.loudhush.ro/changelog.txt","refsource":"CONFIRM","tags":[],"title":"404 Not Found","mime":"text/plain","httpstatus":"404","archivestatus":"200"},{"url":"http://secunia.com/advisories/20567","name":"20567","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Kiax iaxclient Buffer Overflow Vulnerability - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/2284","name":"ADV-2006-2284","refsource":"VUPEN","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/20623","name":"20623","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"iaxComm iaxclient Buffer Overflow Vulnerability - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/20560","name":"20560","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"IDE FISK iaxclient Buffer Overflow Vulnerability - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://sourceforge.net/project/shownotes.php?release_id=423099&group_id=131960","name":"http://sourceforge.net/project/shownotes.php?release_id=423099&group_id=131960","refsource":"CONFIRM","tags":[],"title":"SourceForge.net: Kiax - an IAX Softphone: Files","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/20466","name":"20466","refsource":"SECUNIA","tags":["Patch","Vendor Advisory"],"title":"Secunia - Advisories - LoudHush iaxclient Buffer Overflow Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/2286","name":"ADV-2006-2286","refsource":"VUPEN","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/2180","name":"ADV-2006-2180","refsource":"VUPEN","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/436638/100/0/threaded","name":"20060609 CORE-2006-0327: IAXclient truncated frames vulnerabilities","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/20900","name":"20900","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Secunia - Advisories - Gentoo update for kiax","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.coresecurity.com/common/showdoc.php?idx=548&idxseccion=10","name":"http://www.coresecurity.com/common/showdoc.php?idx=548&idxseccion=10","refsource":"MISC","tags":[],"title":"Page not found | Core Security","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/18307","name":"18307","refsource":"BID","tags":["Patch"],"title":"IAXClient Multiple Truncated IAX Frames Remote Buffer Overflow Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-2923","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-2923","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"2923","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"loudhush","cpe5":"loudhush","cpe6":"1.3.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2923","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"loudhush","cpe5":"loudhush","cpe6":"1.3.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-2923","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The iax_net_read function in the iaxclient open source library, as used in multiple products including (a) LoudHush 1.3.6, (b) IDE FISK 1.35 and earlier, (c) Kiax 0.8.5 and earlier, (d) DIAX, (e) Ziaxphone, (f) IAX Phone, (g) X-lite, (h) MediaX, (i) Extreme Networks ePhone, and (j) iaxComm before 1.2.0, allows remote attackers to execute arbitrary code via crafted IAX 2 (IAX2) packets with truncated (1) full frames or (2) mini-frames, which are detected in a length check but still processed, leading to buffer overflows related to negative length values."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"ADV-2006-2286","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/2286"},{"name":"ADV-2006-2285","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/2285"},{"name":"iaxclient-truncated-frame-bo(27047)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27047"},{"name":"http://www.loudhush.ro/changelog.txt","refsource":"CONFIRM","url":"http://www.loudhush.ro/changelog.txt"},{"name":"20567","refsource":"SECUNIA","url":"http://secunia.com/advisories/20567"},{"name":"http://iaxclient.sourceforge.net/iaxcomm/","refsource":"CONFIRM","url":"http://iaxclient.sourceforge.net/iaxcomm/"},{"name":"20900","refsource":"SECUNIA","url":"http://secunia.com/advisories/20900"},{"name":"http://www.coresecurity.com/common/showdoc.php?idx=548&idxseccion=10","refsource":"MISC","url":"http://www.coresecurity.com/common/showdoc.php?idx=548&idxseccion=10"},{"name":"ADV-2006-2180","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/2180"},{"name":"20623","refsource":"SECUNIA","url":"http://secunia.com/advisories/20623"},{"name":"20466","refsource":"SECUNIA","url":"http://secunia.com/advisories/20466"},{"name":"18307","refsource":"BID","url":"http://www.securityfocus.com/bid/18307"},{"name":"ADV-2006-2284","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/2284"},{"name":"20060609 CORE-2006-0327: IAXclient truncated frames vulnerabilities","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/436638/100/0/threaded"},{"name":"GLSA-200606-30","refsource":"GENTOO","url":"http://www.gentoo.org/security/en/glsa/glsa-200606-30.xml"},{"name":"http://sourceforge.net/project/shownotes.php?release_id=423099&group_id=131960","refsource":"CONFIRM","url":"http://sourceforge.net/project/shownotes.php?release_id=423099&group_id=131960"},{"name":"20560","refsource":"SECUNIA","url":"http://secunia.com/advisories/20560"}]}},"nvd":{"publishedDate":"2006-06-09 10:02:00","lastModifiedDate":"2018-10-18 16:43:00","problem_types":["CWE-119"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":6.4},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":4.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:loudhush:loudhush:1.3.6:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"2923","Ordinal":"18243","Title":"CVE-2006-2923","CVE":"CVE-2006-2923","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"2923","Ordinal":"1","NoteData":"The iax_net_read function in the iaxclient open source library, as used in multiple products including (a) LoudHush 1.3.6, (b) IDE FISK 1.35 and earlier, (c) Kiax 0.8.5 and earlier, (d) DIAX, (e) Ziaxphone, (f) IAX Phone, (g) X-lite, (h) MediaX, (i) Extreme Networks ePhone, and (j) iaxComm before 1.2.0, allows remote attackers to execute arbitrary code via crafted IAX 2 (IAX2) packets with truncated (1) full frames or (2) mini-frames, which are detected in a length check but still processed, leading to buffer overflows related to negative length values.","Type":"Description","Title":null},{"CveYear":"2006","CveId":"2923","Ordinal":"2","NoteData":"2006-06-09","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"2923","Ordinal":"3","NoteData":"2018-10-18","Type":"Other","Title":"Modified"}]}}}