CVE-2004-2372

Name: CVE-2004-2372
Creator: NVD / NIST
Published: 2004-12-31T05:00:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.70%

Last modified Jun 16, 2026

CVE-2004-2372 is a vulnerability of currently unknown severity. Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path. NOTE: some external documents recommend that Bochs be installed setuid root, so this should be treated as a vulnerability.. EPSS estimates a 0.70% chance of exploitation in the next 30 days.

Description

Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path. NOTE: some external documents recommend that Bochs be installed setuid root, so this should be treated as a vulnerability.

Metrics

EPSS Probability

0.70%

48.7th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Bochs Project	Bochs	< 2.1.1

References

http://securitytracker.com/id?1009219Patch, Third Party Advisory, VDB Entry
http://sourceforge.net/project/shownotes.php?release_id=215733Patch
http://www.securiteam.com/unixfocus/5XP0L1FC0M.htmlExploit, Patch, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15309VDB Entry
http://securitytracker.com/id?1009219Patch, Third Party Advisory, VDB Entry
http://sourceforge.net/project/shownotes.php?release_id=215733Patch
http://www.securiteam.com/unixfocus/5XP0L1FC0M.htmlExploit, Patch, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15309VDB Entry

Timeline

Published: Dec 31, 2004
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2004-2372?

How severe is CVE-2004-2372?

Severity scoring for CVE-2004-2372 is pending analysis. The EPSS model estimates a 0.70% probability of exploitation in the next 30 days.

How do I fix CVE-2004-2372?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2004-2372?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST