CVE-2006-5444
- Source
- https://cve.org/CVERecord?id=CVE-2006-5444
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2006-5444.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2006-5444
- Downstream
- Published
- 2006-10-23T17:07:00Z
- Modified
- 2026-04-10T03:38:36.680140Z
- Summary
- [none]
- Details
-
Integer overflow in the getinput function in the Skinny channel driver (chanskinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow.
- References
-
- http://secunia.com/advisories/22480
- http://secunia.com/advisories/22651
- http://secunia.com/advisories/22979
- http://secunia.com/advisories/23212
- http://www.novell.com/linux/security/advisories/2006_69_asterisk.html
- http://www.vupen.com/english/advisories/2006/4097
- http://www.securityfocus.com/bid/20617
- http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.0.12
- http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13
- http://secunia.com/advisories/22480
- http://securitytracker.com/id?1017089
- http://www.asterisk.org/node/109
- http://www.securityfocus.com/bid/20617
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050171.html
- http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml
- http://www.kb.cert.org/vuls/id/521252
- http://www.osvdb.org/29972
- http://www.securityfocus.com/archive/1/449127/100/0/threaded
- http://www.securityfocus.com/archive/1/449183/100/0/threaded
- http://www.us.debian.org/security/2006/dsa-1229
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29663