Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-5444 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Asterisk

5 documents5 sources

Severity

7.5HIGHNVD

EPSS

87.1%

top 0.56%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Digium Asterisk Debian Asterisk

Timeline

PublishedOct 23

Latest updateMay 1

Description

Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/asterisk< asterisk 1:1.2.13~dfsg-1 (bullseye)

▶Debiandigium/asterisk< 1:1.2.13~dfsg-1

▶NVDdigium/asterisk26 versions+25

Patches

Patch: ftp.digium.com ↗Patch: ftp.digium.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-j3p4-x4g4-jfg2: Integer overflow in the get_input function in the Skinny channel driver (chan_skinny↗2022-05-01

▶

OSV

CVE-2006-5444: Integer overflow in the get_input function in the Skinny channel driver (chan_skinny↗2006-10-23

▶

💥Exploits & PoCs

Exploit-DB

Asterisk 1.0.12/1.2.12.1 - 'chan_skinny' Remote Heap Overflow (PoC)↗2006-10-19

▶

📋Vendor Advisories

Debian

CVE-2006-5444: asterisk - Integer overflow in the get_input function in the Skinny channel driver (chan_sk...↗2006

▶