CVE-2007-2893

NameCVE-2007-2893
DescriptionHeap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka "RX Frame heap overflow."
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1351-1
NVD severityhigh (attack range: local)
Debian Bugs427144

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
bochs (PTS)wheezy2.4.6-5fixed
jessie2.6-2fixed
buster, stretch, sid2.6-5fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bochssource(unstable)2.3+20070705-1low427144
bochssourceetch2.3-2etch1highDSA-1351-1
bochssourcesarge2.1.1+20041109-3sarge1highDSA-1351-1

Notes

kvm/qemu are tracked as CVE-2007-5729 and CVE-2007-5730

Search for package or bug name: Reporting problems