6.4

CVE-2006-1827

Exploit

EPSS 3.38%
Veröffentlicht 18.04.2006 20:02:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Digium ≫ Asterisk Version <= 1.2.6

Digium ≫ Asterisk Version0.1.0

Digium ≫ Asterisk Version0.1.1

Digium ≫ Asterisk Version0.1.2

Digium ≫ Asterisk Version0.1.3

Digium ≫ Asterisk Version0.1.4

Digium ≫ Asterisk Version0.1.5

Digium ≫ Asterisk Version0.1.6

Digium ≫ Asterisk Version0.1.7

Digium ≫ Asterisk Version0.1.8

Digium ≫ Asterisk Version0.1.9

Digium ≫ Asterisk Version0.1.9.1

Digium ≫ Asterisk Version0.1.10

Digium ≫ Asterisk Version0.1.11

Digium ≫ Asterisk Version0.1.12

Digium ≫ Asterisk Version0.2

Digium ≫ Asterisk Version0.2.0

Digium ≫ Asterisk Version0.3

Digium ≫ Asterisk Version0.3.0

Digium ≫ Asterisk Version0.4

Digium ≫ Asterisk Version0.4.0

Digium ≫ Asterisk Version0.5.0

Digium ≫ Asterisk Version0.7.0

Digium ≫ Asterisk Version0.7.1

Digium ≫ Asterisk Version0.7.2

Digium ≫ Asterisk Version1.0.0

Digium ≫ Asterisk Version1.0.1

Digium ≫ Asterisk Version1.0.2

Digium ≫ Asterisk Version1.0.3

Digium ≫ Asterisk Version1.0.4

Digium ≫ Asterisk Version1.0.5

Digium ≫ Asterisk Version1.0.6

Digium ≫ Asterisk Version1.0.7

Digium ≫ Asterisk Version1.0.8

Digium ≫ Asterisk Version1.0.9

Digium ≫ Asterisk Version1.0_rc1

Digium ≫ Asterisk Version1.0_rc2

Digium ≫ Asterisk Version1.2.0_beta1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.38%	0.869

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:N/I:P/A:P

http://secunia.com/advisories/19872

http://www.debian.org/security/2006/dsa-1048

http://secunia.com/advisories/19897

http://www.novell.com/linux/security/advisories/2006_04_28.html

http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz

Patch

http://secunia.com/advisories/19800

http://www.cipher.org.uk/index.php?p=advisories/Asterisk_Codec_Integer_Overflow_07-04-2006.advisory

Patch

Exploit

http://www.securityfocus.com/bid/17561

http://www.vupen.com/english/advisories/2006/1478

https://nvd.nist.gov/vuln/detail/CVE-2006-1827

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-1827

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-1827

EUVD