Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-2xxf-t9ck-a7dj

Summary Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow.

Aliases

alias	CVE-2006-5444

Fixed_packages

url	pkg:deb/debian/asterisk@1:1.2.13~dfsg-1?distro=sid
purl	pkg:deb/debian/asterisk@1:1.2.13~dfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.2.13~dfsg-1%3Fdistro=sid

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gh5j-yza2-v3fu

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid

url	pkg:ebuild/net-misc/asterisk@1.0.12
purl	pkg:ebuild/net-misc/asterisk@1.0.12
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/net-misc/asterisk@1.0.12

url	pkg:ebuild/net-misc/asterisk@1.2.13
purl	pkg:ebuild/net-misc/asterisk@1.2.13
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/net-misc/asterisk@1.2.13

Affected_packages

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2006-5444

reference_id

reference_type

scores

value	0.87055
scoring_system	epss
scoring_elements	0.99455
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2006-5444

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5444
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5444

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=395080
reference_id	395080
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=395080

reference_url	https://security.gentoo.org/glsa/200610-15
reference_id	GLSA-200610-15
reference_type
scores
url	https://security.gentoo.org/glsa/200610-15

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/2597.pl
reference_id	OSVDB-29972;CVE-2006-5444
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/2597.pl

Weaknesses

Exploits

date_added	2006-10-18
description	Asterisk 1.0.12/1.2.12.1 - 'chan_skinny' Remote Heap Overflow (PoC)
required_action	`null`
due_date	`null`
notes	`null`
known_ransomware_campaign_use	`true`
source_date_published	2006-10-19
exploit_type	dos
platform	multiple
source_date_updated	`null`
data_source	Exploit-DB
source_url

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2xxf-t9ck-a7dj

Vulnerability Instance