DEBIAN-CVE-2007-5729

DEBIAN-CVE-2007-5729 PUBLISHED CVSS 8.600000381469727 HIGH

The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 "mtu" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the mtu overflow vulnerability.

Risk Scores

CVSS v4.0

8.600000381469727

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
Debian:12	qemu	0, 0, 0
Debian:14	qemu	0, 0, 0
Debian:13	qemu	0, 0, 0
Debian:11	qemu	0, 0, 0

Timeline

Oct 30, 2007 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2007-5729 advisory

Open in Interactive Console →