Unrated severityNVD Advisory· Published Jun 9, 2006· Updated Jun 16, 2026
CVE-2006-2923
CVE-2006-2923
Description
The iax_net_read function in the iaxclient open source library, as used in multiple products including (a) LoudHush 1.3.6, (b) IDE FISK 1.35 and earlier, (c) Kiax 0.8.5 and earlier, (d) DIAX, (e) Ziaxphone, (f) IAX Phone, (g) X-lite, (h) MediaX, (i) Extreme Networks ePhone, and (j) iaxComm before 1.2.0, allows remote attackers to execute arbitrary code via crafted IAX 2 (IAX2) packets with truncated (1) full frames or (2) mini-frames, which are detected in a length check but still processed, leading to buffer overflows related to negative length values.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
17- secunia.com/advisories/20466nvdPatchVendor Advisory
- www.securityfocus.com/bid/18307nvdPatch
- secunia.com/advisories/20560nvdVendor Advisory
- secunia.com/advisories/20567nvdVendor Advisory
- secunia.com/advisories/20623nvdVendor Advisory
- secunia.com/advisories/20900nvdVendor Advisory
- www.vupen.com/english/advisories/2006/2180nvdVendor Advisory
- www.vupen.com/english/advisories/2006/2284nvdVendor Advisory
- www.vupen.com/english/advisories/2006/2285nvdVendor Advisory
- www.vupen.com/english/advisories/2006/2286nvdVendor Advisory
- iaxclient.sourceforge.net/iaxcomm/nvd
- sourceforge.net/project/shownotes.phpnvd
- www.coresecurity.com/common/showdoc.phpnvd
- www.gentoo.org/security/en/glsa/glsa-200606-30.xmlnvd
- www.loudhush.ro/changelog.txtnvd
- www.securityfocus.com/archive/1/436638/100/0/threadednvd
- exchange.xforce.ibmcloud.com/vulnerabilities/27047nvd
News mentions
0No linked articles in our index yet.