7.2
CVE-2007-2893
- EPSS 0.46%
- Veröffentlicht 30.05.2007 01:30:00
- Zuletzt bearbeitet 16.06.2026 22:40:39
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginHeap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka "RX Frame heap overflow."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Bochs Project ≫ Bochs Version2.3 Update-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.46% | 0.364 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://taviso.decsystem.org/virtsec.pdf
http://bugs.gentoo.org/show_bug.cgi?id=188148
http://osvdb.org/36799
http://secunia.com/advisories/25470
http://secunia.com/advisories/26364
http://secunia.com/advisories/27715
http://security.gentoo.org/glsa/glsa-200711-21.xml
http://www.debian.org/security/2007/dsa-1351
http://www.securityfocus.com/bid/24246
http://www.vupen.com/english/advisories/2007/1936
https://exchange.xforce.ibmcloud.com/vulnerabilities/34508