Security Advisory

CVE-2006-5444

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2006-10-23 17:00:00

Last updated 2024-08-07 19:48:30

Assigner mitre

State PUBLISHED

Description

Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow.

← Browse all CVEs View on cve.org ↗