VDB

CVE-2006-5444

CVE-2006-5444 PUBLISHED CVSS 7.5 HIGH

Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow.

EPSS 87.05% · 99.5th percentile

Risk Scores

CVSS 2.0
7.5
EPSS Score
87.05%
99.5th percentile

Affected Products

VendorProductVersions
n/an/an/a
digiumasterisk0.1.7, 0.1.8, 0.1.9

Timeline

  • Oct 23, 2006 CVE Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • May 1, 2022 CVE Updated
  • May 20, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Oct 26, 2022 EPSS Score
  • Dec 18, 2022 EPSS Score
  • Feb 9, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 3, 2023 EPSS Score
  • Jul 17, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›