{"api_version":"1","generated_at":"2026-04-22T17:45:28+00:00","cve":"CVE-2007-1321","urls":{"html":"https://cve.report/CVE-2007-1321","api":"https://cve.report/api/cve/CVE-2007-1321.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-1321","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-1321"},"summary":{"title":"CVE-2007-1321","description":"Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 \"receive\" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled \"NE2000 network driver and the socket code,\" but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2007-10-30 22:46:00","updated_at":"2020-12-15 23:52:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"http://taviso.decsystem.org/virtsec.pdf","name":"http://taviso.decsystem.org/virtsec.pdf","refsource":"MISC","tags":["Technical Description","Third Party Advisory"],"title":"","mime":"application/pdf","httpstatus":"200","archivestatus":"403"},{"url":"http://www.redhat.com/support/errata/RHSA-2007-0323.html","name":"RHSA-2007:0323","refsource":"REDHAT","tags":["Third Party Advisory"],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html","name":"FEDORA-2007-713","refsource":"FEDORA","tags":["Third Party Advisory"],"title":"[SECURITY] Fedora Core 6 Update: xen-3.0.3-12.fc6","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/25095","name":"25095","refsource":"SECUNIA","tags":["Third Party Advisory"],"title":"Debian update for qemu - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/27072","name":"27072","refsource":"SECUNIA","tags":["Third Party Advisory"],"title":"Fedora update for xen - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/29129","name":"29129","refsource":"SECUNIA","tags":["Third Party Advisory"],"title":"KVM Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:162","name":"MDVSA-2008:162","refsource":"MANDRIVA","tags":["Third Party Advisory"],"title":"Support / Security / Advisories /  / MDVSA-2008:162 | Mandriva","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/25073","name":"25073","refsource":"SECUNIA","tags":["Third Party Advisory"],"title":"QEMU Various Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/27047","name":"27047","refsource":"SECUNIA","tags":["Third Party Advisory"],"title":"Red Hat update for xen - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9302","name":"oval:org.mitre.oval:def:9302","refsource":"OVAL","tags":["Third Party Advisory"],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2007/dsa-1284","name":"DSA-1284","refsource":"DEBIAN","tags":["Third Party Advisory"],"title":"Debian -- Security Information -- DSA-1284-1 qemu","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.vupen.com/english/advisories/2007/1597","name":"ADV-2007-1597","refsource":"VUPEN","tags":["Third Party Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/23731","name":"23731","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"QEMU Multiple Local Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00030.html","name":"FEDORA-2007-2270","refsource":"FEDORA","tags":["Third Party Advisory"],"title":"[SECURITY] Fedora 7 Update: xen-3.1.0-6.fc7","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1018761","name":"1018761","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Xen NE2000 Driver Heap Overflow May Let Local Users Gain Elevated Privileges - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/27486","name":"27486","refsource":"SECUNIA","tags":["Third Party Advisory"],"title":"Mandriva update for xen - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/27103","name":"27103","refsource":"SECUNIA","tags":["Third Party Advisory"],"title":"Fedora update for xen - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:203","name":"MDKSA-2007:203","refsource":"MANDRIVA","tags":["Third Party Advisory"],"title":"Support / Security / Advisories /  / MDKSA-2007:203 | Mandriva","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.attrition.org/pipermail/vim/2007-October/001842.html","name":"20071030 Clarification on old QEMU/NE2000/Xen issues","refsource":"VIM","tags":["Third Party Advisory"],"title":"[VIM] Clarification on old QEMU/NE2000/Xen issues","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://osvdb.org/35495","name":"35495","refsource":"OSVDB","tags":["Broken Link"],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html","name":"FEDORA-2007-2708","refsource":"FEDORA","tags":["Third Party Advisory"],"title":"[SECURITY] Fedora 7 Update: xen-3.1.0-8.fc7","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-1321","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-1321","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"1321","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"1321","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"1321","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"1321","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"1321","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"1321","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"1321","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora_core","cpe6":"6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"1321","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora_core","cpe6":"6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"1321","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"qemu","cpe5":"qemu","cpe6":"0.8.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"1321","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"qemu","cpe5":"qemu","cpe6":"0.8.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"1321","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"xen","cpe5":"xen","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"1321","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"xen","cpe5":"xen","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-1321","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 \"receive\" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled \"NE2000 network driver and the socket code,\" but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"23731","refsource":"BID","url":"http://www.securityfocus.com/bid/23731"},{"name":"MDKSA-2007:203","refsource":"MANDRIVA","url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:203"},{"name":"FEDORA-2007-2270","refsource":"FEDORA","url":"https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00030.html"},{"name":"27047","refsource":"SECUNIA","url":"http://secunia.com/advisories/27047"},{"name":"DSA-1284","refsource":"DEBIAN","url":"http://www.debian.org/security/2007/dsa-1284"},{"name":"1018761","refsource":"SECTRACK","url":"http://securitytracker.com/id?1018761"},{"name":"25073","refsource":"SECUNIA","url":"http://secunia.com/advisories/25073"},{"name":"http://taviso.decsystem.org/virtsec.pdf","refsource":"MISC","url":"http://taviso.decsystem.org/virtsec.pdf"},{"name":"27486","refsource":"SECUNIA","url":"http://secunia.com/advisories/27486"},{"name":"MDVSA-2008:162","refsource":"MANDRIVA","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"},{"name":"35495","refsource":"OSVDB","url":"http://osvdb.org/35495"},{"name":"ADV-2007-1597","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/1597"},{"name":"FEDORA-2007-2708","refsource":"FEDORA","url":"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html"},{"name":"27103","refsource":"SECUNIA","url":"http://secunia.com/advisories/27103"},{"name":"29129","refsource":"SECUNIA","url":"http://secunia.com/advisories/29129"},{"name":"RHSA-2007:0323","refsource":"REDHAT","url":"http://www.redhat.com/support/errata/RHSA-2007-0323.html"},{"name":"25095","refsource":"SECUNIA","url":"http://secunia.com/advisories/25095"},{"name":"27072","refsource":"SECUNIA","url":"http://secunia.com/advisories/27072"},{"name":"20071030 Clarification on old QEMU/NE2000/Xen issues","refsource":"VIM","url":"http://www.attrition.org/pipermail/vim/2007-October/001842.html"},{"name":"FEDORA-2007-713","refsource":"FEDORA","url":"https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html"},{"name":"oval:org.mitre.oval:def:9302","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9302"}]}},"nvd":{"publishedDate":"2007-10-30 22:46:00","lastModifiedDate":"2020-12-15 23:52:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:qemu:qemu:0.8.2:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora_core:6:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"1321","Ordinal":"23860","Title":"CVE-2007-1321","CVE":"CVE-2007-1321","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"1321","Ordinal":"1","NoteData":"Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 \"receive\" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled \"NE2000 network driver and the socket code,\" but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730.","Type":"Description","Title":null},{"CveYear":"2007","CveId":"1321","Ordinal":"2","NoteData":"2007-10-30","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"1321","Ordinal":"3","NoteData":"2017-10-09","Type":"Other","Title":"Modified"}]}}}