bochs_project CVE Vulnerabilities & Metrics

Focus on bochs_project vulnerabilities and metrics.

Last updated: 16 Apr 2026, 22:25 UTC

About bochs_project Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with bochs_project. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

Global CVE Overview

Total bochs_project CVEs: 1
Earliest CVE date: 31 Dec 2004, 05:00 UTC
Latest CVE date: 28 Mar 2026, 12:16 UTC

Latest CVE reference: CVE-2018-25220

Rolling Stats

30-day Count (Rolling): 1
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

[Charts not reproduced: Monthly CVE Trends (current vs previous year); Annual CVE Trends (last 20 years); Critical bochs_project CVEs (CVSS ≥ 9) over 20 years]

CVSS Stats

Average CVSS: 4.12

Max CVSS: 7.2

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 2
4.0-6.9 0
7.0-8.9 2
9.0-10.0 0

[Chart not reproduced: CVSS distribution]

Top 5 Highest CVSS bochs_project CVEs

These are the five CVEs with the highest CVSS scores for bochs_project, sorted by severity first, then by recency.

All CVEs for bochs_project

CVE-2018-25220 bochs_project vulnerability CVSS: 0 28 Mar 2026, 12:16 UTC

Bochs 2.6-5 contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized input string to the application. Attackers can craft a malicious payload with 1200 bytes of padding followed by a return-oriented programming chain to overwrite the instruction pointer and execute shell commands with application privileges.

CVE-2007-2893 bochs_project vulnerability CVSS: 7.2 30 May 2007, 01:30 UTC

Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka "RX Frame heap overflow."

CVE-2007-2894 bochs_project vulnerability CVSS: 2.1 30 May 2007, 01:30 UTC

The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error.

CVE-2004-2372 bochs_project vulnerability CVSS: 7.2 31 Dec 2004, 05:00 UTC

Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path. NOTE: some external documents recommend that Bochs be installed setuid root, so this should be treated as a vulnerability.