CVE-2006-2923
Loudhush Multiple Products - Remote Code Execution via Crafted IAX2 Packets
Title source: llmDescription
The iax_net_read function in the iaxclient open source library, as used in multiple products including (a) LoudHush 1.3.6, (b) IDE FISK 1.35 and earlier, (c) Kiax 0.8.5 and earlier, (d) DIAX, (e) Ziaxphone, (f) IAX Phone, (g) X-lite, (h) MediaX, (i) Extreme Networks ePhone, and (j) iaxComm before 1.2.0, allows remote attackers to execute arbitrary code via crafted IAX 2 (IAX2) packets with truncated (1) full frames or (2) mini-frames, which are detected in a length check but still processed, leading to buffer overflows related to negative length values.
References (17)
Core 17
Core References
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2286
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2285
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27047
Various Sources x_refsource_confirm
http://www.loudhush.ro/changelog.txt
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/20567
Product x_refsource_confirm
http://iaxclient.sourceforge.net/iaxcomm/
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/20900
Various Sources x_refsource_misc
http://www.coresecurity.com/common/showdoc.php?idx=548&idxseccion=10
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2180
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/20623
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/20466
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/18307
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2284
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/436638/100/0/threaded
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200606-30.xml
Product x_refsource_confirm
http://sourceforge.net/project/shownotes.php?release_id=423099&group_id=131960
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/20560
Scores
EPSS
0.0438
EPSS Percentile
90.2%
Details
CWE
CWE-119
Status
published
Products (1)
loudhush/loudhush
1.3.6
Published
Jun 09, 2006
Tracked Since
Feb 18, 2026