CVE-2004-2372
Published 2004-12-31
Priority P420 · high · 7.2 · CVSS 2.0
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.70% (48.7th percentile)
Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path. NOTE: some external documents recommend that Bochs be installed setuid root, so this should be treated as a vulnerability.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bochs_project | bochs | < 2.1.1 | 2.1.1 |
| bochs_project | bochs | >= 0 < 2.1.1-1 | 2.1.1-1 |
| bochs_project | bochs | >= 0 < 2.1.1-1 | 2.1.1-1 |
| bochs_project | bochs | >= 0 < 2.1.1-1 | 2.1.1-1 |
| bochs_project | bochs | >= 0 < 2.1.1-1 | 2.1.1-1 |
| debian | bochs | < bochs 2.1.1-1 (bookworm) | bochs 2.1.1-1 (bookworm) |
CVSS provenance
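| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| osv | | 7.2 | HIGH | |
| vendor_debian | | 7.2 | HIGH | |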
GHSA
GHSA-g3hw-2h8v-79ff: Buffer overflow in Bochs before 2
ghsa_unreviewed·2022-04-29
CVE-2004-2372 [HIGH] GHSA-g3hw-2h8v-79ff: Buffer overflow in Bochs before 2
OSV
CVE-2004-2372: Buffer overflow in Bochs before 2
osv·2004-12-31·CVSS 7.2
CVE-2004-2372 [HIGH] CVE-2004-2372: Buffer overflow in Bochs before 2
Debian
CVE-2004-2372: bochs - Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users t...
vendor_debian·2004·CVSS 7.2
CVE-2004-2372 [HIGH] CVE-2004-2372: bochs - Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users t...
Scope: local
bookworm: resolved (fixed in 2.1.1-1)
bullseye: resolved (fixed in 2.1.1-1)
forky: resolved (fixed in 2.1.1-1)
sid: resolved (fixed in 2.1.1-1)
trixie: resolved (fixed in 2.1.1-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://securitytracker.com/id?1009219
http://sourceforge.net/project/shownotes.php?release_id=215733
http://www.securiteam.com/unixfocus/5XP0L1FC0M.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/15309
Published: 2004-12-31