CVE-2007-5729
QEMU 0.8.2 - Heap-Based Buffer Overflow via NE2000 Ethernet Frame MTU Bypass
Title source: llmDescription
The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 "mtu" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the mtu overflow vulnerability.
References (15)
Core 15
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/23731
Third Party Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:203
Broken Link vdb-entry
x_refsource_osvdb
http://osvdb.org/42986
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2007/dsa-1284
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/38238
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25073
Technical Description, Third Party Advisory x_refsource_misc
http://taviso.decsystem.org/virtsec.pdf
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27486
Third Party Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:162
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/33568
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1597
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29129
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25095
Third Party Advisory mailing-list
x_refsource_vim
http://www.attrition.org/pipermail/vim/2007-October/001842.html
Scores
EPSS
0.0014
EPSS Percentile
34.3%
Details
CWE
CWE-119
Status
published
Products (5)
debian/debian_linux
3.1
debian/debian_linux
4.0
opensuse/opensuse
11.0
opensuse/opensuse
11.1
qemu/qemu
0.8.2
Published
Oct 30, 2007
Tracked Since
Feb 18, 2026