Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2006-5444

Опубликовано: 23 окт. 2006
Источник: nvd
CVSS2: 7.5
EPSS Высокий

Описание

Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:digium:asterisk:0.1.7:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:0.1.8:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:0.1.9:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:0.1.9.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:0.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:0.3:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:0.4:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:0.7:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:0.9:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.0.10:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.0.11:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.2.9:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.2.10:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.2.11:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.2.12:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.2_beta1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.2_beta2:*:*:*:*:*:*:*

EPSS

Процентиль: 99%
0.8691
Высокий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

ubuntu логотип

CVE-2006-5444

ubuntu
почти 19 лет назад

Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow.

debian логотип

CVE-2006-5444

debian
почти 19 лет назад

Integer overflow in the get_input function in the Skinny channel drive ...

github логотип

GHSA-j3p4-x4g4-jfg2

github
больше 3 лет назад

Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow.

EPSS

Процентиль: 99%
0.8691
Высокий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other