VDB
CVE-2006-5444
CVE-2006-5444
PUBLISHED
CVSS 7.5 HIGH
Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow.
EPSS 87.05% · 99.5th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
87.05%
99.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| digium | asterisk | 0.1.7, 0.1.8, 0.1.9 |
Timeline
- Oct 23, 2006 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 1, 2022 CVE Updated
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- 22480 third-party-advisory
- http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13 url
- DSA-1229 vendor-advisory
- GLSA-200610-15 vendor-advisory
- SUSE-SA:2006:069 vendor-advisory
- 20617 vdb
- ADV-2006-4097 vdb
- 22651 third-party-advisory
- 29972 vdb
- OpenPKG-SA-2006.024 vendor-advisory
- 20061018 Asterisk remote heap overflow mailing-list
- 23212 third-party-advisory
- http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.0.12 url
- asterisk-getinput-code-execution(29663) vdb
- VU#521252 third-party-advisory
- 1017089 vdb
- 22979 third-party-advisory
- http://www.asterisk.org/node/109 url
- 20061018 Security-Assessment.com Advisory: Asterisk remote heap overflow mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2006-5444 advisory