CVE-2007-2893

Bochs 2.3 - Heap-Based Buffer Overflow in NE2000 Device RX Frame Handling

Title source: llm
STIX 2.1

Description

Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka "RX Frame heap overflow."

References (11)

Core 11
Core References
Third Party Advisory x_refsource_confirm
http://bugs.gentoo.org/show_bug.cgi?id=188148
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27715
Third Party Advisory x_refsource_misc
http://taviso.decsystem.org/virtsec.pdf
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26364
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34508
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200711-21.xml
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/36799
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1351
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/24246
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1936
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25470

Scores

EPSS 0.0046
EPSS Percentile 37.1%

Details

CWE
CWE-119
Status published
Products (1)
bochs_project/bochs 2.3
Published May 30, 2007
Tracked Since Feb 18, 2026