Users login

Create an account »

JOIN XATRIX

Users login

Home » CVE Vulnerabilities » CVE-2006-2923

CVE-2006-2923 The iax_net_read function in the iaxclient

  • CVE ID: CVE-2006-2923
  • Vendors:
  • Date: November 30, -0001
  • Severity: Low
  • Impact score: 0.00
  • Exploit score: 0.00

The iax_net_read function in the iaxclient open source library, as used in multiple products including (a) LoudHush 1.3.6, (b) IDE FISK 1.35 and earlier, (c) Kiax 0.8.5 and earlier, (d) DIAX, (e) Ziaxphone, (f) IAX Phone, (g) X-lite, (h) MediaX, (i) Extreme Networks ePhone, and (j) iaxComm before 1.2.0, allows remote attackers to execute arbitrary code via crafted IAX 2 (IAX2) packets with truncated (1) full frames or (2) mini-frames, which are detected in a length check but still processed, leading to buffer overflows related to negative length values.

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »