VYPR
Unrated severity · NVD Advisory · Published Jun 7, 2006 · Updated Jun 16, 2026

CVE-2006-2898

Description

The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypass a length check and lead to a buffer overflow involving a negative length check. NOTE: the vendor advisory claims that only a DoS is possible, but the original researcher is reliable.

Affected products

10
  • Digium/Asterisk: 9 versions
    • cpe:2.3:a:digium:asterisk:1.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:digium:asterisk:1.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:digium:asterisk:1.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:digium:asterisk:1.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:digium:asterisk:1.2.0_beta1:*:*:*:*:*:*:*
    • cpe:2.3:a:digium:asterisk:1.2.0_beta2:*:*:*:*:*:*:*
    • cpe:2.3:a:digium:asterisk:1.2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:digium:asterisk:1.2.7:*:*:*:*:*:*:*
    • cpe:2.3:a:digium:asterisk:1.2.8:*:*:*:*:*:*:*
  • Range: before 1.2.9 (1.2.x) / before 1.0.11 (1.0.x)

References

14
