CVE-2006-2898

EPSS 0.32%

asterisk - several

Published: 6/7/2006Modified: 4/28/2026

Description

The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check. NOTE: the vendor advisory claims that only a DoS is possible, but the original researcher is reliable.

Affected packages (3)

Debian/asteriskfrom 0, < 1:1.2.10.dfsg-2
Debian/asteriskfrom 0, < 1:1.0.7.dfsg.1-2sarge3
Debian/iaxmodemfrom 0, < 0.1.8.dfsg-2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2006-2898