Home > Vulnerability Database > CVE-2007-2893

Mend.io Vulnerability Database

CVE-2007-2893

Date: May 29, 2007

Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka "RX Frame heap overflow."

Severity Score

8.4

Related Resources (14)

Url: http://taviso.decsystem.org/virtsec.pdf

Url: http://secunia.com/advisories/25470

Url: http://www.securityfocus.com/bid/24246

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2007-2893

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-2893

Url: http://secunia.com/advisories/27715

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/34508

Url: http://www.debian.org/security/2007/dsa-1351

Url: http://www.vupen.com/english/advisories/2007/1936

Url: http://secunia.com/advisories/26364

Url: http://bugs.gentoo.org/show_bug.cgi?id=188148

Url: http://security.gentoo.org/glsa/glsa-200711-21.xml

Url: http://osvdb.org/36799

Url: https://www.mend.io/vulnerability-database/CVE-2007-2893

Severity Score

8.4

Weakness Type (CWE)

Buffer Errors

CWE-119

CVSS v3.1

Base Score:	8.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	7.2
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2007-2893

Date: May 29, 2007

Severity Score

Related Resources (14)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?