CVE-2018-25220

Bochs · Bochs (x86 Emulator)

Bochs 2.6-5 contains a stack-based buffer overflow allowing arbitrary code execution via a 1200-byte padding payload followed by a ROP chain.

Executive summary

Bochs 2.6-5 is vulnerable to a critical stack-based buffer overflow. By supplying an oversized input string, an attacker can hijack the control flow of the Bochs process and execute arbitrary code, including spawning a shell, with the privileges of that process.

Vulnerability

The overflow is triggered by supplying an oversized input string to the application. An attacker who can get such a string into the affected code path crafts a payload of 1200 bytes of padding, enough to fill the buffer and reach the saved return address, followed by a ROP chain: a sequence of addresses of short instruction fragments already present in the binary or its libraries. When the vulnerable function returns, the corrupted return address sends execution into the chain, which performs attacker-chosen operations (such as calling a command-spawning routine) with the privileges of the Bochs process. Because the chain reuses existing code rather than injecting new code, a non-executable stack alone does not stop it. The advisory does not name the input path that carries the string (command-line argument, configuration file or data from the guest), so any externally controlled string reaching the affected code should be treated as a potential trigger.
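The following C program is an added illustration of the payload shape described above, not code from Bochs or from the advisory. It models a 64-bit stack frame as a struct (local buffer, saved frame pointer, return address), applies an unbounded strcpy-style copy to it so the write past the buffer is visible without corrupting the real stack, and contrasts it with a bounded copy that rejects oversized input. The 1200-byte padding length comes from the advisory; the frame layout, the gadget addresses and the function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Padding length taken from the advisory. The real Bochs frame layout is
 * not described on the page, so the layout modelled below is an assumption. */
#define PADDING_LEN 1200
#define MAX_ROP 8

/* Model of a 64-bit stack frame: local buffer at the lower addresses, then
 * the saved frame pointer, then the return address that `ret` will pop. */
struct frame {
    char     buf[PADDING_LEN];
    uint64_t saved_fp;
    uint64_t ret_addr;
};

/* Vulnerable pattern: an unbounded (strcpy-style) copy of attacker input into
 * a fixed-size stack buffer. It is applied to the frame model so the bytes
 * written past `buf` land in saved_fp/ret_addr instead of on the real stack;
 * the clamp to sizeof *f exists only to keep this demonstration well defined. */
static void vulnerable_copy(struct frame *f, const unsigned char *in, size_t len)
{
    unsigned char *dst = (unsigned char *)f;
    for (size_t i = 0; i < len && i < sizeof *f; i++)
        dst[i] = in[i];                      /* never compared against sizeof f->buf */
}

/* Hardened replacement: the destination size is part of the contract and
 * oversized input is rejected rather than silently truncated. */
static int hardened_copy(char *dst, size_t dst_size, const unsigned char *in, size_t len)
{
    if (dst_size == 0 || len >= dst_size)
        return -1;                           /* leave room for the terminator */
    memcpy(dst, in, len);
    dst[len] = '\0';
    return 0;
}

/* Build the payload shape from the advisory: PADDING_LEN filler bytes, a
 * filler saved frame pointer, then the ROP chain (gadget addresses in native
 * byte order, so the frame model reads them back unchanged). */
static size_t build_payload(unsigned char *out, size_t out_size,
                            const uint64_t *gadgets, size_t ngadgets)
{
    size_t need = PADDING_LEN + sizeof(uint64_t) * (1 + ngadgets);
    if (need > out_size)
        return 0;
    memset(out, 'A', PADDING_LEN);
    uint64_t fp = 0x4242424242424242ULL;     /* lands on saved_fp */
    memcpy(out + PADDING_LEN, &fp, sizeof fp);
    memcpy(out + PADDING_LEN + sizeof fp, gadgets, sizeof(uint64_t) * ngadgets);
    return need;
}

/* Runs the payload through the vulnerable copy and returns the value the
 * function would `ret` to: the first gadget instead of the legitimate caller. */
uint64_t hijacked_return_address(void)
{
    /* Hypothetical gadget addresses for a non-PIE binary; real values would
     * be taken from the target's own code and are not given on the page. */
    static const uint64_t chain[] = { 0x401136ULL, 0x40114aULL, 0x4010f0ULL };
    unsigned char payload[PADDING_LEN + sizeof(uint64_t) * (1 + MAX_ROP)];
    size_t len = build_payload(payload, sizeof payload, chain, 3);

    struct frame f;
    memset(&f, 0, sizeof f);
    f.ret_addr = 0x401000ULL;                /* stand-in for the real caller */
    vulnerable_copy(&f, payload, len);
    return f.ret_addr;
}

/* Feeds `len` filler bytes to the bounded copy: 0 if accepted, -1 if rejected. */
int hardened_result_for_len(size_t len)
{
    unsigned char input[2048];
    char dst[PADDING_LEN];
    if (len > sizeof input)
        return -2;
    memset(input, 'A', len);
    return hardened_copy(dst, sizeof dst, input, len);
}

int main(void)
{
    printf("return slot after overflow: 0x%llx\n",
           (unsigned long long)hijacked_return_address());
    printf("bounded copy of 1300 bytes: %d\n", hardened_result_for_len(1300));
    printf("bounded copy of 100 bytes:  %d\n", hardened_result_for_len(100));
    return 0;
}
```

The copy loop clamps at the end of the modelled frame only so that the program itself is not undefined; a real strcpy would keep writing and the remaining gadget addresses would sit above the return slot, where each `ret` in the chain pops the next one. The bounded variant fails closed on input of the buffer's size or larger, which is the property a fix for this class of bug must have.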

Business impact

Exploitation of this vulnerability lets an attacker hijack the control flow of the Bochs process and run attacker-chosen code on the host, with whatever privileges that process holds. This poses a significant risk to the confidentiality and integrity of the host. The CVSS score of 9.8 reflects the high potential for system compromise.

Remediation

Immediate Action: Update Bochs to the latest version immediately to resolve the buffer overflow vulnerability.

Proactive Monitoring: Monitor for crashes of the Bochs process (segmentation faults, aborts from stack-protector or sanitizer checks), which can indicate failed exploitation attempts, and investigate any instance where bochs spawns a child process such as a shell, which normal emulation does not require.

Compensating Controls: Keep Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP/NX) enabled. A ROP chain is built specifically to defeat DEP, because it reuses existing executable code instead of injecting new code, but it still needs the absolute addresses of those code fragments, so ASLR remains an obstacle unless the binary is non-PIE or the attacker has an address leak. If Bochs is built from source, compile with stack protection (-fstack-protector-strong), _FORTIFY_SOURCE and position-independent code so that the return-address overwrite is detected before the function returns and gadget addresses are not fixed. Run the emulator as an unprivileged user with only the device access it needs, so that a successful hijack yields limited privileges.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Organizations using Bochs for emulation or virtualization must prioritize this update. Because emulators often run with significant permissions to access hardware resources, code execution inside the Bochs process gives an attacker those same permissions on the host, so the impact of a successful exploit is exceptionally high.