CVE-2007-2893

Name: CVE-2007-2893
Creator: NVD / NIST
Published: 2007-05-30T01:30:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.46%

Last modified Jun 16, 2026

CVE-2007-2893 is a vulnerability of currently unknown severity. Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka "RX Frame heap overflow.". EPSS estimates a 0.46% chance of exploitation in the next 30 days.

Description

Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka "RX Frame heap overflow."

Metrics

EPSS Probability

0.46%

36.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions
Bochs Project	Bochs	2.3

References

http://bugs.gentoo.org/show_bug.cgi?id=188148Third Party Advisory
http://osvdb.org/36799Broken Link
http://secunia.com/advisories/25470Third Party Advisory
http://secunia.com/advisories/26364Third Party Advisory
http://secunia.com/advisories/27715Third Party Advisory
http://security.gentoo.org/glsa/glsa-200711-21.xmlThird Party Advisory
http://taviso.decsystem.org/virtsec.pdfThird Party Advisory
http://www.debian.org/security/2007/dsa-1351Third Party Advisory
http://www.securityfocus.com/bid/24246Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2007/1936Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/34508Third Party Advisory, VDB Entry
http://bugs.gentoo.org/show_bug.cgi?id=188148Third Party Advisory
http://osvdb.org/36799Broken Link
http://secunia.com/advisories/25470Third Party Advisory
http://secunia.com/advisories/26364Third Party Advisory
http://secunia.com/advisories/27715Third Party Advisory
http://security.gentoo.org/glsa/glsa-200711-21.xmlThird Party Advisory
http://taviso.decsystem.org/virtsec.pdfThird Party Advisory
http://www.debian.org/security/2007/dsa-1351Third Party Advisory
http://www.securityfocus.com/bid/24246Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2007/1936Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/34508Third Party Advisory, VDB Entry

Timeline

Published: May 30, 2007
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2007-2893?

How severe is CVE-2007-2893?

Severity scoring for CVE-2007-2893 is pending analysis. The EPSS model estimates a 0.46% probability of exploitation in the next 30 days.

How do I fix CVE-2007-2893?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-2893?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST