CVE-2018-25220 — Out-of-bounds Write in Bochs

CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

9.3CRITICALNVD

EPSS

0.1%

top 75.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Bochs Bochs Project Bochs

Timeline

PublishedMar 28

Description

Bochs 2.6-5 contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized input string to the application. Attackers can craft a malicious payload with 1200 bytes of padding followed by a return-oriented programming chain to overwrite the instruction pointer and execute shell commands with application privileges.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5bochs/bochs2.6-5

▶NVDbochs_project/bochs2.6.5

🔴Vulnerability Details

OSV

CVE-2018-25220: Bochs 2↗2026-03-28

▶

GHSA

GHSA-fx87-p9wh-85gp: Bochs 2↗2026-03-28

▶

🕵️Threat Intelligence

Wiz

CVE-2018-25220 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶