Unrated severityNVD Advisory· Published Jun 9, 2006· Updated Apr 16, 2026
CVE-2006-2923
CVE-2006-2923
Description
The iax_net_read function in the iaxclient open source library, as used in multiple products including (a) LoudHush 1.3.6, (b) IDE FISK 1.35 and earlier, (c) Kiax 0.8.5 and earlier, (d) DIAX, (e) Ziaxphone, (f) IAX Phone, (g) X-lite, (h) MediaX, (i) Extreme Networks ePhone, and (j) iaxComm before 1.2.0, allows remote attackers to execute arbitrary code via crafted IAX 2 (IAX2) packets with truncated (1) full frames or (2) mini-frames, which are detected in a length check but still processed, leading to buffer overflows related to negative length values.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
17- secunia.com/advisories/20466nvdPatchVendor Advisory
- www.securityfocus.com/bid/18307nvdPatch
- secunia.com/advisories/20560nvdVendor Advisory
- secunia.com/advisories/20567nvdVendor Advisory
- secunia.com/advisories/20623nvdVendor Advisory
- secunia.com/advisories/20900nvdVendor Advisory
- www.vupen.com/english/advisories/2006/2180nvdVendor Advisory
- www.vupen.com/english/advisories/2006/2284nvdVendor Advisory
- www.vupen.com/english/advisories/2006/2285nvdVendor Advisory
- www.vupen.com/english/advisories/2006/2286nvdVendor Advisory
- iaxclient.sourceforge.net/iaxcomm/nvd
- sourceforge.net/project/shownotes.phpnvd
- www.coresecurity.com/common/showdoc.phpnvd
- www.gentoo.org/security/en/glsa/glsa-200606-30.xmlnvd
- www.loudhush.ro/changelog.txtnvd
- www.securityfocus.com/archive/1/436638/100/0/threadednvd
- exchange.xforce.ibmcloud.com/vulnerabilities/27047nvd
News mentions
0No linked articles in our index yet.