CVE-2007-2893

Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka "RX Frame heap overflow."

Published: 2007-05-30
Last update: 2026-04-23
Assigner: [email protected]
Source: [email protected]

Conclusion & alert: CVE-2007-2893 is rated Low Risk (34/100): CVSS High severity, with low exploitation likelihood (EPSS 0.06%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2007-2893

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#  Date        Old EPSS score  New EPSS score  Delta (New - Old)
1  2025-03-17  0.04%           0.06%           +0.01%
2  2023-03-07  1.28%           0.04%           -1.24%
3  2022-02-04  -               1.28%           - (first record)

Full EPSS history (3 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2007-2893

CVSS metrics for this CVE.

Base score  Version  Severity  Vector                      Exploitability  Impact  Score source
7.2         2.0      HIGH      AV:L/AC:L/Au:N/C:C/I:C/A:C  3.9             10.0    [email protected]

Vector breakdown:

  • Access vector (AV:L): requires local access to the target system.
  • Access complexity (AC:L): exploitation conditions are straightforward and predictable.
  • Authentication (Au:N): no authentication is required.
  • Confidentiality impact (C:C): complete confidentiality impact.
  • Integrity impact (I:C): complete integrity impact.
  • Availability impact (A:C): complete availability impact.

Weakness enumeration for CVE-2007-2893

OS Trackers for CVE-2007-2893

Vendor  Priority  Summary and tracker link
debian  low       CVE-2007-2893 low priority: Debian including 1 source package (bochs), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.
                  https://security-tracker.debian.org/tracker/CVE-2007-2893
gentoo  high      CVE-2007-2893: 1 GLSA (200711-21), 1 atom (app-emulation/bochs); latest impact high.
                  https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2007-2893
redhat  medium    https://access.redhat.com/security/cve/CVE-2007-2893
ubuntu  medium    CVE-2007-2893 medium priority: Ubuntu including 4 source packages (bochs, kvm, qemu, qemu-kvm), 33 status rows across 9 suites (dapper, edgy, feisty, gutsy, hardy, intrepid, jaunty, karmic, upstream): DNE 8, ignored 8, not-affected 8, released 6, needs-triage 2, needed 1.
                  https://ubuntu.com/security/CVE-2007-2893

Vendor comments (NVD) for CVE-2007-2893

  • Red Hat (2007-11-02T00:00:00)

    Not vulnerable. This issue did not affect Xen as shipped with Red Hat Enterprise Linux 5.

Affected software / configurations for CVE-2007-2893

Vendor Product Version Raw CPE
bochs_project bochs 2.3 cpe:2.3:a:bochs_project:bochs:2.3:-:*:*:*:*:*:*

References for CVE-2007-2893

cvelogic Threat Intelligence