CVE-2007-2057
Published 2007-04-18
CVE-2007-2057: Stack-based buffer overflow in aircrack-ng airodump-ng 0.7 allows remote attackers to execute arbitrary code via crafted 802.11 authentication packets.
Priority P261 · critical · 10 · CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 19.35% (97.0th percentile)
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aircrack-ng | aircrack-ng | >= 0 < 1:0.7-3 | 1:0.7-3 |
| aircrack-ng | airodump-ng | — | — |
| debian | aircrack-ng | < aircrack-ng 1:0.7-3 (bookworm) | aircrack-ng 1:0.7-3 (bookworm) |
Detection & IOCs (extracted from sources)
- bytes: `\xeb\x14\x59\x31\xdb\x31\xd2\xb2\x1b\x31\xc0\x88\x04\x11\xb0\x04\xcd\x80\xb0\x01\xcd\x80\xe8\xe7\xff\xff\xff`
- bytes: `ppacket[0] = 0xB0; ppacket[1] = 0; ppacket[24] = 1; ppacket[25] = 0; ppacket[26] = 2; ppacket[27] = 0;`
- bytes: `\x20\x05\x00\x00` at offset `ppacket+1032`
- The shellcode payload contains the ASCII string 'Stop sniffing our network!!'. Scan captured 802.11 frames for this string as a high-confidence exploit indicator.
- Exploit uses the lorcon packet injection library (tx80211_*) for transmission; presence of lorcon-linked binaries or the compiled exploit binary 'airodump-remote' on a host may indicate attacker tooling.
- Shellcode is limited to a maximum of 792 bytes within the NOP sled region; larger shellcode will overwrite critical overflow offsets and break exploitation.
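CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 10.0 | CRITICAL | — |
| vendor_debian | — | 10.0 | MEDIUM | — |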
GHSA
GHSA-962g-8m7j-2mv2 · ghsa_unreviewed · 2022-05-01 · [HIGH]
OSV
CVE-2007-2057 · osv · 2007-04-18 · CVSS 10.0 · [CRITICAL]
Debian
CVE-2007-2057 (aircrack-ng) · vendor_debian · 2007 · CVSS 10.0 · [CRITICAL]
Scope: local
bookworm: resolved (fixed in 1:0.7-3)
bullseye: resolved (fixed in 1:0.7-3)
forky: resolved (fixed in 1:0.7-3)
sid: resolved (fixed in 1:0.7-3)
trixie: resolved (fixed in 1:0.7-3)
References
- http://osvdb.org/34931
- http://secunia.com/advisories/24880
- http://secunia.com/advisories/24964
- http://secunia.com/advisories/24982
- http://security.gentoo.org/glsa/glsa-200704-16.xml
- http://securityreason.com/securityalert/2584
- http://www.debian.org/security/2007/dsa-1280
- http://www.kb.cert.org/vuls/id/349828
- http://www.nop-art.net/advisories/airodump-ng.txt
- http://www.securityfocus.com/archive/1/465552/100/0/threaded
- http://www.securityfocus.com/bid/23467
- http://www.vupen.com/english/advisories/2007/1379
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33626
Published: 2007-04-18