CVE-2007-2893 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Bochs

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents6 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 81.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Bochs Project Bochs Debian Bochs

Timeline

PublishedMay 30

Latest updateMay 1

Description

Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka "RX Frame heap overflow."

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/bochs< bochs 2.3+20070705-1 (bookworm)

▶Debianbochs_project/bochs< 2.3+20070705-1+3

▶NVDbochs_project/bochs2.3

🔴Vulnerability Details

GHSA

GHSA-4f58-4q55-p757: Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k↗2022-05-01

▶

OSV

CVE-2007-2893: Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k↗2007-05-30

▶

📋Vendor Advisories

Red Hat

xen NE2000 RX Frame Heap Overflow↗2007-04-20

▶

Debian

CVE-2007-2893: bochs - Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc ...↗2007

▶

💬Community

Bugzilla

CVE-2007-2894: bochs guest OS local user DoS↗2007-05-30

▶

Bugzilla

CVE-2007-2893 xen NE2000 RX Frame Heap Overflow↗2007-04-20

▶