Search criteria
8 vulnerabilities found for bochs by bochs_project
CVE-2018-25220 (GCVE-0-2018-25220)
Vulnerability from nvd – Published: 2026-03-28 11:58 – Updated: 2026-03-30 14:53
VLAI?
Title
Bochs 2.6-5 Buffer Overflow Remote Code Execution
Summary
Bochs 2.6-5 contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized input string to the application. Attackers can craft a malicious payload with 1200 bytes of padding followed by a return-oriented programming chain to overwrite the instruction pointer and execute shell commands with application privileges.
Severity ?
9.8 (Critical)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/43979 | exploit |
| http://bochs.sourceforge.net/ | product |
| https://www.vulncheck.com/advisories/bochs-5-buff… | third-party-advisory |
Date Public ?
2018-02-05 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-25220",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-30T12:46:25.542647Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T14:53:23.576Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "BOCHS",
"vendor": "bochs",
"versions": [
{
"status": "affected",
"version": "2.6-5"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bochs_project:bochs:2.6-5:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Juan Sacco \u003cjsacco@exploitpack.com\u003e - http://exploitpack.com"
}
],
"datePublic": "2018-02-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Bochs 2.6-5 contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized input string to the application. Attackers can craft a malicious payload with 1200 bytes of padding followed by a return-oriented programming chain to overwrite the instruction pointer and execute shell commands with application privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-28T11:58:13.268Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-43979",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/43979"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://bochs.sourceforge.net/"
},
{
"name": "VulnCheck Advisory: Bochs 2.6-5 Buffer Overflow Remote Code Execution",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/bochs-5-buffer-overflow-remote-code-execution"
}
],
"title": "Bochs 2.6-5 Buffer Overflow Remote Code Execution",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25220",
"datePublished": "2026-03-28T11:58:13.268Z",
"dateReserved": "2026-03-28T11:46:46.215Z",
"dateUpdated": "2026-03-30T14:53:23.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2007-2894 (GCVE-0-2007-2894)
Vulnerability from nvd – Published: 2007-05-30 01:00 – Updated: 2024-08-07 13:57
VLAI?
Summary
The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://bugs.gentoo.org/show_bug.cgi?id=188148 | x_refsource_CONFIRM |
| http://secunia.com/advisories/27715 | third-party-advisoryx_refsource_SECUNIA |
| http://taviso.decsystem.org/virtsec.pdf | x_refsource_MISC |
| http://osvdb.org/42119 | vdb-entryx_refsource_OSVDB |
| http://security.gentoo.org/glsa/glsa-200711-21.xml | vendor-advisoryx_refsource_GENTOO |
| http://www.securityfocus.com/bid/24246 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2007/1936 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/25470 | third-party-advisoryx_refsource_SECUNIA |
Date Public ?
2007-05-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:57:54.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=188148"
},
{
"name": "27715",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27715"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://taviso.decsystem.org/virtsec.pdf"
},
{
"name": "42119",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42119"
},
{
"name": "GLSA-200711-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-21.xml"
},
{
"name": "24246",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24246"
},
{
"name": "ADV-2007-1936",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1936"
},
{
"name": "bochs-floppy-disk-dos(34513)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34513"
},
{
"name": "25470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=188148"
},
{
"name": "27715",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27715"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://taviso.decsystem.org/virtsec.pdf"
},
{
"name": "42119",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42119"
},
{
"name": "GLSA-200711-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-21.xml"
},
{
"name": "24246",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24246"
},
{
"name": "ADV-2007-1936",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1936"
},
{
"name": "bochs-floppy-disk-dos(34513)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34513"
},
{
"name": "25470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25470"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=188148",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=188148"
},
{
"name": "27715",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27715"
},
{
"name": "http://taviso.decsystem.org/virtsec.pdf",
"refsource": "MISC",
"url": "http://taviso.decsystem.org/virtsec.pdf"
},
{
"name": "42119",
"refsource": "OSVDB",
"url": "http://osvdb.org/42119"
},
{
"name": "GLSA-200711-21",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200711-21.xml"
},
{
"name": "24246",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24246"
},
{
"name": "ADV-2007-1936",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1936"
},
{
"name": "bochs-floppy-disk-dos(34513)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34513"
},
{
"name": "25470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25470"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2894",
"datePublished": "2007-05-30T01:00:00.000Z",
"dateReserved": "2007-05-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:57:54.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2893 (GCVE-0-2007-2893)
Vulnerability from nvd – Published: 2007-05-30 01:00 – Updated: 2024-08-07 13:57
VLAI?
Summary
Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka "RX Frame heap overflow."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://bugs.gentoo.org/show_bug.cgi?id=188148 | x_refsource_CONFIRM |
| http://secunia.com/advisories/27715 | third-party-advisoryx_refsource_SECUNIA |
| http://taviso.decsystem.org/virtsec.pdf | x_refsource_MISC |
| http://secunia.com/advisories/26364 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://security.gentoo.org/glsa/glsa-200711-21.xml | vendor-advisoryx_refsource_GENTOO |
| http://osvdb.org/36799 | vdb-entryx_refsource_OSVDB |
| http://www.debian.org/security/2007/dsa-1351 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securityfocus.com/bid/24246 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2007/1936 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/25470 | third-party-advisoryx_refsource_SECUNIA |
Date Public ?
2007-05-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:57:54.038Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=188148"
},
{
"name": "27715",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27715"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://taviso.decsystem.org/virtsec.pdf"
},
{
"name": "26364",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26364"
},
{
"name": "bochs-ne2000-bo(34508)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34508"
},
{
"name": "GLSA-200711-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-21.xml"
},
{
"name": "36799",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36799"
},
{
"name": "DSA-1351",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1351"
},
{
"name": "24246",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24246"
},
{
"name": "ADV-2007-1936",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1936"
},
{
"name": "25470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka \"RX Frame heap overflow.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=188148"
},
{
"name": "27715",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27715"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://taviso.decsystem.org/virtsec.pdf"
},
{
"name": "26364",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26364"
},
{
"name": "bochs-ne2000-bo(34508)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34508"
},
{
"name": "GLSA-200711-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-21.xml"
},
{
"name": "36799",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36799"
},
{
"name": "DSA-1351",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1351"
},
{
"name": "24246",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24246"
},
{
"name": "ADV-2007-1936",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1936"
},
{
"name": "25470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25470"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2893",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka \"RX Frame heap overflow.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=188148",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=188148"
},
{
"name": "27715",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27715"
},
{
"name": "http://taviso.decsystem.org/virtsec.pdf",
"refsource": "MISC",
"url": "http://taviso.decsystem.org/virtsec.pdf"
},
{
"name": "26364",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26364"
},
{
"name": "bochs-ne2000-bo(34508)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34508"
},
{
"name": "GLSA-200711-21",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200711-21.xml"
},
{
"name": "36799",
"refsource": "OSVDB",
"url": "http://osvdb.org/36799"
},
{
"name": "DSA-1351",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1351"
},
{
"name": "24246",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24246"
},
{
"name": "ADV-2007-1936",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1936"
},
{
"name": "25470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25470"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2893",
"datePublished": "2007-05-30T01:00:00.000Z",
"dateReserved": "2007-05-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:57:54.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2372 (GCVE-0-2004-2372)
Vulnerability from nvd – Published: 2005-08-16 04:00 – Updated: 2024-08-08 01:22
VLAI?
Summary
Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path. NOTE: some external documents recommend that Bochs be installed setuid root, so this should be treated as a vulnerability.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securitytracker.com/id?1009219 | vdb-entryx_refsource_SECTRACK |
| http://www.securiteam.com/unixfocus/5XP0L1FC0M.html | x_refsource_MISC |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
Date Public ?
2004-02-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:22:13.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "bochs-home-bo(15309)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15309"
},
{
"name": "1009219",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1009219"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securiteam.com/unixfocus/5XP0L1FC0M.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=215733"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path. NOTE: some external documents recommend that Bochs be installed setuid root, so this should be treated as a vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "bochs-home-bo(15309)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15309"
},
{
"name": "1009219",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1009219"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securiteam.com/unixfocus/5XP0L1FC0M.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=215733"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path. NOTE: some external documents recommend that Bochs be installed setuid root, so this should be treated as a vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bochs-home-bo(15309)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15309"
},
{
"name": "1009219",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1009219"
},
{
"name": "http://www.securiteam.com/unixfocus/5XP0L1FC0M.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/unixfocus/5XP0L1FC0M.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=215733",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=215733"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2372",
"datePublished": "2005-08-16T04:00:00.000Z",
"dateReserved": "2005-08-16T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:22:13.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-25220 (GCVE-0-2018-25220)
Vulnerability from cvelistv5 – Published: 2026-03-28 11:58 – Updated: 2026-03-30 14:53
VLAI?
Title
Bochs 2.6-5 Buffer Overflow Remote Code Execution
Summary
Bochs 2.6-5 contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized input string to the application. Attackers can craft a malicious payload with 1200 bytes of padding followed by a return-oriented programming chain to overwrite the instruction pointer and execute shell commands with application privileges.
Severity ?
9.8 (Critical)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/43979 | exploit |
| http://bochs.sourceforge.net/ | product |
| https://www.vulncheck.com/advisories/bochs-5-buff… | third-party-advisory |
Date Public ?
2018-02-05 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-25220",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-30T12:46:25.542647Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T14:53:23.576Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "BOCHS",
"vendor": "bochs",
"versions": [
{
"status": "affected",
"version": "2.6-5"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bochs_project:bochs:2.6-5:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Juan Sacco \u003cjsacco@exploitpack.com\u003e - http://exploitpack.com"
}
],
"datePublic": "2018-02-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Bochs 2.6-5 contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized input string to the application. Attackers can craft a malicious payload with 1200 bytes of padding followed by a return-oriented programming chain to overwrite the instruction pointer and execute shell commands with application privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-28T11:58:13.268Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-43979",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/43979"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://bochs.sourceforge.net/"
},
{
"name": "VulnCheck Advisory: Bochs 2.6-5 Buffer Overflow Remote Code Execution",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/bochs-5-buffer-overflow-remote-code-execution"
}
],
"title": "Bochs 2.6-5 Buffer Overflow Remote Code Execution",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25220",
"datePublished": "2026-03-28T11:58:13.268Z",
"dateReserved": "2026-03-28T11:46:46.215Z",
"dateUpdated": "2026-03-30T14:53:23.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2007-2894 (GCVE-0-2007-2894)
Vulnerability from cvelistv5 – Published: 2007-05-30 01:00 – Updated: 2024-08-07 13:57
VLAI?
Summary
The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://bugs.gentoo.org/show_bug.cgi?id=188148 | x_refsource_CONFIRM |
| http://secunia.com/advisories/27715 | third-party-advisoryx_refsource_SECUNIA |
| http://taviso.decsystem.org/virtsec.pdf | x_refsource_MISC |
| http://osvdb.org/42119 | vdb-entryx_refsource_OSVDB |
| http://security.gentoo.org/glsa/glsa-200711-21.xml | vendor-advisoryx_refsource_GENTOO |
| http://www.securityfocus.com/bid/24246 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2007/1936 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/25470 | third-party-advisoryx_refsource_SECUNIA |
Date Public ?
2007-05-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:57:54.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=188148"
},
{
"name": "27715",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27715"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://taviso.decsystem.org/virtsec.pdf"
},
{
"name": "42119",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42119"
},
{
"name": "GLSA-200711-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-21.xml"
},
{
"name": "24246",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24246"
},
{
"name": "ADV-2007-1936",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1936"
},
{
"name": "bochs-floppy-disk-dos(34513)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34513"
},
{
"name": "25470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=188148"
},
{
"name": "27715",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27715"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://taviso.decsystem.org/virtsec.pdf"
},
{
"name": "42119",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42119"
},
{
"name": "GLSA-200711-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-21.xml"
},
{
"name": "24246",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24246"
},
{
"name": "ADV-2007-1936",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1936"
},
{
"name": "bochs-floppy-disk-dos(34513)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34513"
},
{
"name": "25470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25470"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=188148",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=188148"
},
{
"name": "27715",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27715"
},
{
"name": "http://taviso.decsystem.org/virtsec.pdf",
"refsource": "MISC",
"url": "http://taviso.decsystem.org/virtsec.pdf"
},
{
"name": "42119",
"refsource": "OSVDB",
"url": "http://osvdb.org/42119"
},
{
"name": "GLSA-200711-21",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200711-21.xml"
},
{
"name": "24246",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24246"
},
{
"name": "ADV-2007-1936",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1936"
},
{
"name": "bochs-floppy-disk-dos(34513)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34513"
},
{
"name": "25470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25470"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2894",
"datePublished": "2007-05-30T01:00:00.000Z",
"dateReserved": "2007-05-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:57:54.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2893 (GCVE-0-2007-2893)
Vulnerability from cvelistv5 – Published: 2007-05-30 01:00 – Updated: 2024-08-07 13:57
VLAI?
Summary
Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka "RX Frame heap overflow."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://bugs.gentoo.org/show_bug.cgi?id=188148 | x_refsource_CONFIRM |
| http://secunia.com/advisories/27715 | third-party-advisoryx_refsource_SECUNIA |
| http://taviso.decsystem.org/virtsec.pdf | x_refsource_MISC |
| http://secunia.com/advisories/26364 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://security.gentoo.org/glsa/glsa-200711-21.xml | vendor-advisoryx_refsource_GENTOO |
| http://osvdb.org/36799 | vdb-entryx_refsource_OSVDB |
| http://www.debian.org/security/2007/dsa-1351 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securityfocus.com/bid/24246 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2007/1936 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/25470 | third-party-advisoryx_refsource_SECUNIA |
Date Public ?
2007-05-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:57:54.038Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=188148"
},
{
"name": "27715",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27715"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://taviso.decsystem.org/virtsec.pdf"
},
{
"name": "26364",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26364"
},
{
"name": "bochs-ne2000-bo(34508)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34508"
},
{
"name": "GLSA-200711-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-21.xml"
},
{
"name": "36799",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36799"
},
{
"name": "DSA-1351",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1351"
},
{
"name": "24246",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24246"
},
{
"name": "ADV-2007-1936",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1936"
},
{
"name": "25470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka \"RX Frame heap overflow.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=188148"
},
{
"name": "27715",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27715"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://taviso.decsystem.org/virtsec.pdf"
},
{
"name": "26364",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26364"
},
{
"name": "bochs-ne2000-bo(34508)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34508"
},
{
"name": "GLSA-200711-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-21.xml"
},
{
"name": "36799",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36799"
},
{
"name": "DSA-1351",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1351"
},
{
"name": "24246",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24246"
},
{
"name": "ADV-2007-1936",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1936"
},
{
"name": "25470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25470"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2893",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka \"RX Frame heap overflow.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=188148",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=188148"
},
{
"name": "27715",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27715"
},
{
"name": "http://taviso.decsystem.org/virtsec.pdf",
"refsource": "MISC",
"url": "http://taviso.decsystem.org/virtsec.pdf"
},
{
"name": "26364",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26364"
},
{
"name": "bochs-ne2000-bo(34508)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34508"
},
{
"name": "GLSA-200711-21",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200711-21.xml"
},
{
"name": "36799",
"refsource": "OSVDB",
"url": "http://osvdb.org/36799"
},
{
"name": "DSA-1351",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1351"
},
{
"name": "24246",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24246"
},
{
"name": "ADV-2007-1936",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1936"
},
{
"name": "25470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25470"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2893",
"datePublished": "2007-05-30T01:00:00.000Z",
"dateReserved": "2007-05-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:57:54.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2372 (GCVE-0-2004-2372)
Vulnerability from cvelistv5 – Published: 2005-08-16 04:00 – Updated: 2024-08-08 01:22
VLAI?
Summary
Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path. NOTE: some external documents recommend that Bochs be installed setuid root, so this should be treated as a vulnerability.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securitytracker.com/id?1009219 | vdb-entryx_refsource_SECTRACK |
| http://www.securiteam.com/unixfocus/5XP0L1FC0M.html | x_refsource_MISC |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
Date Public ?
2004-02-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:22:13.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "bochs-home-bo(15309)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15309"
},
{
"name": "1009219",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1009219"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securiteam.com/unixfocus/5XP0L1FC0M.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=215733"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path. NOTE: some external documents recommend that Bochs be installed setuid root, so this should be treated as a vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "bochs-home-bo(15309)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15309"
},
{
"name": "1009219",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1009219"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securiteam.com/unixfocus/5XP0L1FC0M.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=215733"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path. NOTE: some external documents recommend that Bochs be installed setuid root, so this should be treated as a vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bochs-home-bo(15309)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15309"
},
{
"name": "1009219",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1009219"
},
{
"name": "http://www.securiteam.com/unixfocus/5XP0L1FC0M.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/unixfocus/5XP0L1FC0M.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=215733",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=215733"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2372",
"datePublished": "2005-08-16T04:00:00.000Z",
"dateReserved": "2005-08-16T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:22:13.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}