CVE-2007-2893

NameCVE-2007-2893
DescriptionHeap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka "RX Frame heap overflow."
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-1351-1
Debian Bugs427144

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
bochs (PTS)bullseye2.6.11+dfsg-4fixed
bookworm2.7+dfsg-4fixed
sid, trixie2.8+dfsg-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bochssourcesarge2.1.1+20041109-3sarge1DSA-1351-1
bochssourceetch2.3-2etch1DSA-1351-1
bochssource(unstable)2.3+20070705-1low427144

Notes

kvm/qemu are tracked as CVE-2007-5729 and CVE-2007-5730

Search for package or bug name: Reporting problems