CVE-2007-5729

2007-10-3022:46:00

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

Low

EPSS

Percentile

10.1%

JSON

The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 “mtu” heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of “NE2000 network driver and the socket code,” but this is the correct identifier for the mtu overflow vulnerability.

Affected configurations

Nvd

Node

qemuqemuMatch0.8.2

Node

debiandebian_linuxMatch3.1

debiandebian_linuxMatch4.0

Node

opensuseopensuseMatch11.0

opensuseopensuseMatch11.1

VendorProductVersionCPE
qemuqemu0.8.2cpe:2.3:a:qemu:qemu:0.8.2:*:*:*:*:*:*:*
debiandebian_linux3.1cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
debiandebian_linux4.0cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
opensuseopensuse11.0cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
opensuseopensuse11.1cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qemu	qemu	0.8.2	cpe:2.3:a:qemu:qemu:0.8.2:::::::*
debian	debian_linux	3.1	cpe:2.3:o:debian:debian_linux:3.1:::::::*
debian	debian_linux	4.0	cpe:2.3:o:debian:debian_linux:4.0:::::::*
opensuse	opensuse	11.0	cpe:2.3:o:opensuse:opensuse:11.0:::::::*
opensuse	opensuse	11.1	cpe:2.3:o:opensuse:opensuse:11.1:::::::*