CVE-2004-2372
EPSS 0.12%Published: 12/31/2004Modified: 4/28/2026
Also known as:DEBIAN-CVE-2004-2372
Description
Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path. NOTE: some external documents recommend that Bochs be installed setuid root, so this should be treated as a vulnerability.
Affected packages (1)
- Debian/bochsfrom 0, < 2.1.1-1