← Back

Bochs Project

bochs_project

4 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Bochs
bochs
4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2018-25220
1Bochs Project
1Bochs
Apr 2, 2026
Mar 28, 2026
9.3 CRITICAL· v4
9.8 CRITICAL· v3
N/A· v2
Bochs 2.6-5 contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized input string to the application. Attackers can craft a malicious payload with 120...Show more
Bochs 2.6-5 contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized input string to the application. Attackers can craft a malicious payload with 1200 bytes of padding followed by a return-oriented programming chain to overwrite the instruction pointer and execute shell commands with application privileges.Show less
CVE-2007-2894
1Bochs Project
1Bochs
Apr 23, 2026
May 30, 2007
N/A· v4
N/A· v3
2.1 LOW· v2
The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error.
CVE-2007-2893
1Bochs Project
1Bochs
Apr 23, 2026
May 30, 2007
N/A· v4
N/A· v3
7.2 HIGH· v2
Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain...Show more
Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka "RX Frame heap overflow."Show less
CVE-2004-2372
1Bochs Project
1Bochs
Apr 16, 2026
Dec 31, 2004
N/A· v4
N/A· v3
7.2 HIGH· v2
Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a...Show more
Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path. NOTE: some external documents recommend that Bochs be installed setuid root, so this should be treated as a vulnerability.Show less