EIP-2026-103068

PRE-CVE

Asterisk PBX 0.7.x - Multiple Logging Format String Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103068. PoCs published by [email protected].

AI-analyzed exploit summary This Perl script exploits a format string vulnerability in Asterisk's logging functions by sending a maliciously crafted UDP packet to port 5036. The payload includes format specifiers (%x) to leak memory addresses and a termination character (0x3b) to disrupt normal execution, demonstrating a remote DoS condition.

Description

Asterisk PBX 0.7.x - Multiple Logging Format String Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by [email protected] · perlremotelinux

https://www.exploit-db.com/exploits/24221

View Code ZIP pw:eip

This Perl script exploits a format string vulnerability in Asterisk's logging functions by sending a maliciously crafted UDP packet to port 5036. The payload includes format specifiers (%x) to leak memory addresses and a termination character (0x3b) to disrupt normal execution, demonstrating a remote DoS condition.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Asterisk 0.7.0 to 0.7.2

No auth needed

Prerequisites: Network access to the target's UDP port 5036 · Asterisk version 0.7.0 to 0.7.2 running on the target

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026