CVE-2007-2057
published 2007-04-18

CVE-2007-2057: Stack-based buffer overflow in aircrack-ng airodump-ng 0.7 allows remote attackers to execute arbitrary code via crafted 802.11 authentication packets.

Priority: P261, critical, 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 19.35% (97.0th percentile)

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aircrack-ng | aircrack-ng | >= 0 < 1:0.7-3 | 1:0.7-3 |
| aircrack-ng | aircrack-ng | >= 0 < 1:0.7-3 | 1:0.7-3 |
| aircrack-ng | aircrack-ng | >= 0 < 1:0.7-3 | 1:0.7-3 |
| aircrack-ng | aircrack-ng | >= 0 < 1:0.7-3 | 1:0.7-3 |
| aircrack-ng | airodump-ng | | |
| debian | aircrack-ng | < aircrack-ng 1:0.7-3 (bookworm) | aircrack-ng 1:0.7-3 (bookworm) |

Detection & IOCs (extracted from sources)

other: 0x8054934
other: 0x8055934
url: http://www.nop-art.net/advisories/airodump-ng.txt
version: aircrack-ng airodump-ng 0.7
bytes: \xeb\x14\x59\x31\xdb\x31\xd2\xb2\x1b\x31\xc0\x88\x04\x11\xb0\x04\xcd\x80\xb0\x01\xcd\x80\xe8\xe7\xff\xff\xff
bytes: ppacket[0] = 0xB0; ppacket[1] = 0; ppacket[24] = 1; ppacket[25] = 0; ppacket[26] = 2; ppacket[27] = 0;
bytes: \x20\x05\x00\x00 at offset ppacket+1032
  • The shellcode payload contains the ASCII string 'Stop sniffing our network!!' — scan captured 802.11 frames for this string as a high-confidence exploit indicator.
  • Exploit uses the lorcon packet injection library (tx80211_*) for transmission; presence of lorcon-linked binaries or the compiled exploit binary 'airodump-remote' on a host may indicate attacker tooling.
  • Shellcode is limited to a maximum of 792 bytes within the NOP sled region; larger shellcode will overwrite critical overflow offsets and break exploitation.

CVSS provenance

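| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | | 10.0 | CRITICAL | |
| vendor_debian | | 10.0 | MEDIUM | |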