Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    8 vulnerabilities by bochs_project

    CVE-2018-25220 (GCVE-0-2018-25220)

    Vulnerability from nvd – Published: 2026-03-28 11:58 – Updated: 2026-03-30 14:53
    VLAI
    Title
    Bochs 2.6-5 Buffer Overflow Remote Code Execution
    Summary
    Bochs 2.6-5 contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized input string to the application. Attackers can craft a malicious payload with 1200 bytes of padding followed by a return-oriented programming chain to overwrite the instruction pointer and execute shell commands with application privileges.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    bochs BOCHS Affected: 2.6-5
    Create a notification for this product.
    Date Public
    2018-02-05 00:00
    Credits
    Juan Sacco <jsacco@exploitpack.com> - http://exploitpack.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-25220",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-30T12:46:25.542647Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-30T14:53:23.576Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BOCHS",
              "vendor": "bochs",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.6-5"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:bochs_project:bochs:2.6-5:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Juan Sacco \u003cjsacco@exploitpack.com\u003e - http://exploitpack.com"
            }
          ],
          "datePublic": "2018-02-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Bochs 2.6-5 contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized input string to the application. Attackers can craft a malicious payload with 1200 bytes of padding followed by a return-oriented programming chain to overwrite the instruction pointer and execute shell commands with application privileges."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-28T11:58:13.268Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "ExploitDB-43979",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/43979"
            },
            {
              "name": "Official Product Homepage",
              "tags": [
                "product"
              ],
              "url": "http://bochs.sourceforge.net/"
            },
            {
              "name": "VulnCheck Advisory: Bochs 2.6-5 Buffer Overflow Remote Code Execution",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/bochs-5-buffer-overflow-remote-code-execution"
            }
          ],
          "title": "Bochs 2.6-5 Buffer Overflow Remote Code Execution",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2018-25220",
        "datePublished": "2026-03-28T11:58:13.268Z",
        "dateReserved": "2026-03-28T11:46:46.215Z",
        "dateUpdated": "2026-03-30T14:53:23.576Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2007-2894 (GCVE-0-2007-2894)

    Vulnerability from nvd – Published: 2007-05-30 01:00 – Updated: 2024-08-07 13:57
    VLAI
    Summary
    The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://bugs.gentoo.org/show_bug.cgi?id=188148 x_refsource_CONFIRM
    http://secunia.com/advisories/27715 third-party-advisoryx_refsource_SECUNIA
    http://taviso.decsystem.org/virtsec.pdf x_refsource_MISC
    http://osvdb.org/42119 vdb-entryx_refsource_OSVDB
    http://security.gentoo.org/glsa/glsa-200711-21.xml vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/24246 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2007/1936 vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/25470 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2007-05-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:57:54.547Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.gentoo.org/show_bug.cgi?id=188148"
              },
              {
                "name": "27715",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27715"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://taviso.decsystem.org/virtsec.pdf"
              },
              {
                "name": "42119",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/42119"
              },
              {
                "name": "GLSA-200711-21",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200711-21.xml"
              },
              {
                "name": "24246",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24246"
              },
              {
                "name": "ADV-2007-1936",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1936"
              },
              {
                "name": "bochs-floppy-disk-dos(34513)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34513"
              },
              {
                "name": "25470",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25470"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-05-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=188148"
            },
            {
              "name": "27715",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27715"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://taviso.decsystem.org/virtsec.pdf"
            },
            {
              "name": "42119",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/42119"
            },
            {
              "name": "GLSA-200711-21",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200711-21.xml"
            },
            {
              "name": "24246",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24246"
            },
            {
              "name": "ADV-2007-1936",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1936"
            },
            {
              "name": "bochs-floppy-disk-dos(34513)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34513"
            },
            {
              "name": "25470",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25470"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2894",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://bugs.gentoo.org/show_bug.cgi?id=188148",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.gentoo.org/show_bug.cgi?id=188148"
                },
                {
                  "name": "27715",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27715"
                },
                {
                  "name": "http://taviso.decsystem.org/virtsec.pdf",
                  "refsource": "MISC",
                  "url": "http://taviso.decsystem.org/virtsec.pdf"
                },
                {
                  "name": "42119",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/42119"
                },
                {
                  "name": "GLSA-200711-21",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200711-21.xml"
                },
                {
                  "name": "24246",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/24246"
                },
                {
                  "name": "ADV-2007-1936",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1936"
                },
                {
                  "name": "bochs-floppy-disk-dos(34513)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34513"
                },
                {
                  "name": "25470",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25470"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2894",
        "datePublished": "2007-05-30T01:00:00.000Z",
        "dateReserved": "2007-05-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:57:54.547Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2893 (GCVE-0-2007-2893)

    Vulnerability from nvd – Published: 2007-05-30 01:00 – Updated: 2024-08-07 13:57
    VLAI
    Summary
    Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka "RX Frame heap overflow."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://bugs.gentoo.org/show_bug.cgi?id=188148 x_refsource_CONFIRM
    http://secunia.com/advisories/27715 third-party-advisoryx_refsource_SECUNIA
    http://taviso.decsystem.org/virtsec.pdf x_refsource_MISC
    http://secunia.com/advisories/26364 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://security.gentoo.org/glsa/glsa-200711-21.xml vendor-advisoryx_refsource_GENTOO
    http://osvdb.org/36799 vdb-entryx_refsource_OSVDB
    http://www.debian.org/security/2007/dsa-1351 vendor-advisoryx_refsource_DEBIAN
    http://www.securityfocus.com/bid/24246 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2007/1936 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/25470 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2007-05-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:57:54.038Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.gentoo.org/show_bug.cgi?id=188148"
              },
              {
                "name": "27715",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27715"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://taviso.decsystem.org/virtsec.pdf"
              },
              {
                "name": "26364",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26364"
              },
              {
                "name": "bochs-ne2000-bo(34508)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34508"
              },
              {
                "name": "GLSA-200711-21",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200711-21.xml"
              },
              {
                "name": "36799",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/36799"
              },
              {
                "name": "DSA-1351",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2007/dsa-1351"
              },
              {
                "name": "24246",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24246"
              },
              {
                "name": "ADV-2007-1936",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1936"
              },
              {
                "name": "25470",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25470"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-05-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka \"RX Frame heap overflow.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=188148"
            },
            {
              "name": "27715",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27715"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://taviso.decsystem.org/virtsec.pdf"
            },
            {
              "name": "26364",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26364"
            },
            {
              "name": "bochs-ne2000-bo(34508)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34508"
            },
            {
              "name": "GLSA-200711-21",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200711-21.xml"
            },
            {
              "name": "36799",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/36799"
            },
            {
              "name": "DSA-1351",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2007/dsa-1351"
            },
            {
              "name": "24246",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24246"
            },
            {
              "name": "ADV-2007-1936",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1936"
            },
            {
              "name": "25470",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25470"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2893",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka \"RX Frame heap overflow.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://bugs.gentoo.org/show_bug.cgi?id=188148",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.gentoo.org/show_bug.cgi?id=188148"
                },
                {
                  "name": "27715",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27715"
                },
                {
                  "name": "http://taviso.decsystem.org/virtsec.pdf",
                  "refsource": "MISC",
                  "url": "http://taviso.decsystem.org/virtsec.pdf"
                },
                {
                  "name": "26364",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26364"
                },
                {
                  "name": "bochs-ne2000-bo(34508)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34508"
                },
                {
                  "name": "GLSA-200711-21",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200711-21.xml"
                },
                {
                  "name": "36799",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/36799"
                },
                {
                  "name": "DSA-1351",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2007/dsa-1351"
                },
                {
                  "name": "24246",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/24246"
                },
                {
                  "name": "ADV-2007-1936",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1936"
                },
                {
                  "name": "25470",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25470"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2893",
        "datePublished": "2007-05-30T01:00:00.000Z",
        "dateReserved": "2007-05-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:57:54.038Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-2372 (GCVE-0-2004-2372)

    Vulnerability from nvd – Published: 2005-08-16 04:00 – Updated: 2024-08-08 01:22
    VLAI
    Summary
    Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path. NOTE: some external documents recommend that Bochs be installed setuid root, so this should be treated as a vulnerability.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2004-02-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T01:22:13.660Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "bochs-home-bo(15309)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15309"
              },
              {
                "name": "1009219",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1009219"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securiteam.com/unixfocus/5XP0L1FC0M.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/project/shownotes.php?release_id=215733"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-02-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path.  NOTE: some external documents recommend that Bochs be installed setuid root, so this should be treated as a vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "bochs-home-bo(15309)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15309"
            },
            {
              "name": "1009219",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1009219"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securiteam.com/unixfocus/5XP0L1FC0M.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?release_id=215733"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-2372",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path.  NOTE: some external documents recommend that Bochs be installed setuid root, so this should be treated as a vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "bochs-home-bo(15309)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15309"
                },
                {
                  "name": "1009219",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1009219"
                },
                {
                  "name": "http://www.securiteam.com/unixfocus/5XP0L1FC0M.html",
                  "refsource": "MISC",
                  "url": "http://www.securiteam.com/unixfocus/5XP0L1FC0M.html"
                },
                {
                  "name": "http://sourceforge.net/project/shownotes.php?release_id=215733",
                  "refsource": "CONFIRM",
                  "url": "http://sourceforge.net/project/shownotes.php?release_id=215733"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-2372",
        "datePublished": "2005-08-16T04:00:00.000Z",
        "dateReserved": "2005-08-16T00:00:00.000Z",
        "dateUpdated": "2024-08-08T01:22:13.660Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-25220 (GCVE-0-2018-25220)

    Vulnerability from cvelistv5 – Published: 2026-03-28 11:58 – Updated: 2026-03-30 14:53
    VLAI
    Title
    Bochs 2.6-5 Buffer Overflow Remote Code Execution
    Summary
    Bochs 2.6-5 contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized input string to the application. Attackers can craft a malicious payload with 1200 bytes of padding followed by a return-oriented programming chain to overwrite the instruction pointer and execute shell commands with application privileges.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    bochs BOCHS Affected: 2.6-5
    Create a notification for this product.
    Date Public
    2018-02-05 00:00
    Credits
    Juan Sacco <jsacco@exploitpack.com> - http://exploitpack.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-25220",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-30T12:46:25.542647Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-30T14:53:23.576Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BOCHS",
              "vendor": "bochs",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.6-5"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:bochs_project:bochs:2.6-5:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Juan Sacco \u003cjsacco@exploitpack.com\u003e - http://exploitpack.com"
            }
          ],
          "datePublic": "2018-02-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Bochs 2.6-5 contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized input string to the application. Attackers can craft a malicious payload with 1200 bytes of padding followed by a return-oriented programming chain to overwrite the instruction pointer and execute shell commands with application privileges."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-28T11:58:13.268Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "ExploitDB-43979",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/43979"
            },
            {
              "name": "Official Product Homepage",
              "tags": [
                "product"
              ],
              "url": "http://bochs.sourceforge.net/"
            },
            {
              "name": "VulnCheck Advisory: Bochs 2.6-5 Buffer Overflow Remote Code Execution",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/bochs-5-buffer-overflow-remote-code-execution"
            }
          ],
          "title": "Bochs 2.6-5 Buffer Overflow Remote Code Execution",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2018-25220",
        "datePublished": "2026-03-28T11:58:13.268Z",
        "dateReserved": "2026-03-28T11:46:46.215Z",
        "dateUpdated": "2026-03-30T14:53:23.576Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2007-2894 (GCVE-0-2007-2894)

    Vulnerability from cvelistv5 – Published: 2007-05-30 01:00 – Updated: 2024-08-07 13:57
    VLAI
    Summary
    The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://bugs.gentoo.org/show_bug.cgi?id=188148 x_refsource_CONFIRM
    http://secunia.com/advisories/27715 third-party-advisoryx_refsource_SECUNIA
    http://taviso.decsystem.org/virtsec.pdf x_refsource_MISC
    http://osvdb.org/42119 vdb-entryx_refsource_OSVDB
    http://security.gentoo.org/glsa/glsa-200711-21.xml vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/24246 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2007/1936 vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/25470 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2007-05-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:57:54.547Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.gentoo.org/show_bug.cgi?id=188148"
              },
              {
                "name": "27715",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27715"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://taviso.decsystem.org/virtsec.pdf"
              },
              {
                "name": "42119",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/42119"
              },
              {
                "name": "GLSA-200711-21",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200711-21.xml"
              },
              {
                "name": "24246",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24246"
              },
              {
                "name": "ADV-2007-1936",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1936"
              },
              {
                "name": "bochs-floppy-disk-dos(34513)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34513"
              },
              {
                "name": "25470",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25470"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-05-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=188148"
            },
            {
              "name": "27715",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27715"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://taviso.decsystem.org/virtsec.pdf"
            },
            {
              "name": "42119",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/42119"
            },
            {
              "name": "GLSA-200711-21",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200711-21.xml"
            },
            {
              "name": "24246",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24246"
            },
            {
              "name": "ADV-2007-1936",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1936"
            },
            {
              "name": "bochs-floppy-disk-dos(34513)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34513"
            },
            {
              "name": "25470",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25470"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2894",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://bugs.gentoo.org/show_bug.cgi?id=188148",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.gentoo.org/show_bug.cgi?id=188148"
                },
                {
                  "name": "27715",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27715"
                },
                {
                  "name": "http://taviso.decsystem.org/virtsec.pdf",
                  "refsource": "MISC",
                  "url": "http://taviso.decsystem.org/virtsec.pdf"
                },
                {
                  "name": "42119",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/42119"
                },
                {
                  "name": "GLSA-200711-21",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200711-21.xml"
                },
                {
                  "name": "24246",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/24246"
                },
                {
                  "name": "ADV-2007-1936",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1936"
                },
                {
                  "name": "bochs-floppy-disk-dos(34513)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34513"
                },
                {
                  "name": "25470",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25470"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2894",
        "datePublished": "2007-05-30T01:00:00.000Z",
        "dateReserved": "2007-05-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:57:54.547Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2893 (GCVE-0-2007-2893)

    Vulnerability from cvelistv5 – Published: 2007-05-30 01:00 – Updated: 2024-08-07 13:57
    VLAI
    Summary
    Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka "RX Frame heap overflow."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://bugs.gentoo.org/show_bug.cgi?id=188148 x_refsource_CONFIRM
    http://secunia.com/advisories/27715 third-party-advisoryx_refsource_SECUNIA
    http://taviso.decsystem.org/virtsec.pdf x_refsource_MISC
    http://secunia.com/advisories/26364 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://security.gentoo.org/glsa/glsa-200711-21.xml vendor-advisoryx_refsource_GENTOO
    http://osvdb.org/36799 vdb-entryx_refsource_OSVDB
    http://www.debian.org/security/2007/dsa-1351 vendor-advisoryx_refsource_DEBIAN
    http://www.securityfocus.com/bid/24246 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2007/1936 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/25470 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2007-05-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:57:54.038Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.gentoo.org/show_bug.cgi?id=188148"
              },
              {
                "name": "27715",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27715"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://taviso.decsystem.org/virtsec.pdf"
              },
              {
                "name": "26364",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26364"
              },
              {
                "name": "bochs-ne2000-bo(34508)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34508"
              },
              {
                "name": "GLSA-200711-21",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200711-21.xml"
              },
              {
                "name": "36799",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/36799"
              },
              {
                "name": "DSA-1351",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2007/dsa-1351"
              },
              {
                "name": "24246",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24246"
              },
              {
                "name": "ADV-2007-1936",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1936"
              },
              {
                "name": "25470",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25470"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-05-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka \"RX Frame heap overflow.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=188148"
            },
            {
              "name": "27715",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27715"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://taviso.decsystem.org/virtsec.pdf"
            },
            {
              "name": "26364",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26364"
            },
            {
              "name": "bochs-ne2000-bo(34508)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34508"
            },
            {
              "name": "GLSA-200711-21",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200711-21.xml"
            },
            {
              "name": "36799",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/36799"
            },
            {
              "name": "DSA-1351",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2007/dsa-1351"
            },
            {
              "name": "24246",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24246"
            },
            {
              "name": "ADV-2007-1936",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1936"
            },
            {
              "name": "25470",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25470"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2893",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka \"RX Frame heap overflow.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://bugs.gentoo.org/show_bug.cgi?id=188148",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.gentoo.org/show_bug.cgi?id=188148"
                },
                {
                  "name": "27715",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27715"
                },
                {
                  "name": "http://taviso.decsystem.org/virtsec.pdf",
                  "refsource": "MISC",
                  "url": "http://taviso.decsystem.org/virtsec.pdf"
                },
                {
                  "name": "26364",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26364"
                },
                {
                  "name": "bochs-ne2000-bo(34508)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34508"
                },
                {
                  "name": "GLSA-200711-21",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200711-21.xml"
                },
                {
                  "name": "36799",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/36799"
                },
                {
                  "name": "DSA-1351",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2007/dsa-1351"
                },
                {
                  "name": "24246",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/24246"
                },
                {
                  "name": "ADV-2007-1936",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1936"
                },
                {
                  "name": "25470",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25470"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2893",
        "datePublished": "2007-05-30T01:00:00.000Z",
        "dateReserved": "2007-05-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:57:54.038Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-2372 (GCVE-0-2004-2372)

    Vulnerability from cvelistv5 – Published: 2005-08-16 04:00 – Updated: 2024-08-08 01:22
    VLAI
    Summary
    Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path. NOTE: some external documents recommend that Bochs be installed setuid root, so this should be treated as a vulnerability.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2004-02-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T01:22:13.660Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "bochs-home-bo(15309)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15309"
              },
              {
                "name": "1009219",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1009219"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securiteam.com/unixfocus/5XP0L1FC0M.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/project/shownotes.php?release_id=215733"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-02-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path.  NOTE: some external documents recommend that Bochs be installed setuid root, so this should be treated as a vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "bochs-home-bo(15309)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15309"
            },
            {
              "name": "1009219",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1009219"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securiteam.com/unixfocus/5XP0L1FC0M.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?release_id=215733"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-2372",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path.  NOTE: some external documents recommend that Bochs be installed setuid root, so this should be treated as a vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "bochs-home-bo(15309)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15309"
                },
                {
                  "name": "1009219",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1009219"
                },
                {
                  "name": "http://www.securiteam.com/unixfocus/5XP0L1FC0M.html",
                  "refsource": "MISC",
                  "url": "http://www.securiteam.com/unixfocus/5XP0L1FC0M.html"
                },
                {
                  "name": "http://sourceforge.net/project/shownotes.php?release_id=215733",
                  "refsource": "CONFIRM",
                  "url": "http://sourceforge.net/project/shownotes.php?release_id=215733"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-2372",
        "datePublished": "2005-08-16T04:00:00.000Z",
        "dateReserved": "2005-08-16T00:00:00.000Z",
        "dateUpdated": "2024-08-08T01:22:13.660Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }