CVE-2004-2372 in Bochsinfo

Summary

Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path. NOTE: some external documents recommend that Bochs be installed setuid root, so this should be treated as a vulnerability.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

08/16/2005

Disclosure

12/31/2004

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-119

CVSS

9.3

EPSS

0.00123

CTI

0.00

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2004-2372
NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-2372
CVE Details	https://www.cvedetails.com/cve/CVE-2004-2372/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!