CVE-2004-2372 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Project Bochs

5 documents5 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 68.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Bochs Project Bochs Debian Bochs

Timeline

PublishedDec 31

Latest updateApr 29

Description

Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path. NOTE: some external documents recommend that Bochs be installed setuid root, so this should be treated as a vulnerability.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/bochs< bochs 2.1.1-1 (bookworm)

▶NVDbochs_project/bochs< 2.1.1

▶Debianbochs_project/bochs< 2.1.1-1+3

Patches

Patch: securitytracker.com ↗Patch: sourceforge.net ↗Patch: www.securiteam.com ↗

🔴Vulnerability Details

GHSA

GHSA-g3hw-2h8v-79ff: Buffer overflow in Bochs before 2↗2022-04-29

▶

OSV

CVE-2004-2372: Buffer overflow in Bochs before 2↗2004-12-31

▶

📋Vendor Advisories

Debian

CVE-2004-2372: bochs - Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users t...↗2004

▶