Impact
The vulnerability is a stack-based buffer overflow in the Bochs 2.6-5 emulator. An attacker can supply an oversized input string, 1200 bytes of padding followed by a return-oriented-programming chain, that overwrites the saved instruction pointer and causes arbitrary shell commands to execute with the privileges of the running Bochs process. This gives the attacker the ability to read, modify, or delete files and to execute any program under the emulator's user account. The weakness is a classic buffer overflow and is classified as CWE-787 (out-of-bounds write).
Affected Systems
The affected product is the Bochs emulator distributed by the Bochs Project. The vulnerability exists in version 2.6-5 (also listed as 2.6.5). No other product versions are listed as affected. Applications that run this version of Bochs are at risk if they accept user-supplied input without proper bounds checking.
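The defect class described above (an unchecked copy of user-supplied input into a fixed-size stack buffer) and the bounds check the Affected Systems paragraph calls for, shown side by side. This is an added, constructed illustration of the CWE-787 pattern, not Bochs source code or the actual vulnerable routine; the buffer size, function names and sample inputs are assumptions chosen for the demonstration, and the example generalizes to any fixed-size buffer rather than the specific 1200-byte case in the advisory.

```c
/* Constructed example of the CWE-787 pattern, not Bochs code: an unchecked
 * copy into a fixed-size stack buffer beside a bounded copy that rejects
 * oversized input. NAME_BUF_SIZE and the function names are assumptions. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_BUF_SIZE 64          /* assumed fixed stack buffer size */

/* Vulnerable pattern: strcpy copies until the NUL terminator, so any input
 * longer than NAME_BUF_SIZE - 1 bytes writes past the end of `name` and into
 * the saved frame pointer and return address (the "padding followed by a ROP
 * chain" shape the advisory describes). Only ever call this with trusted,
 * short input; it exists here purely to show the defect. */
size_t copy_unchecked(const char *input)
{
    char name[NAME_BUF_SIZE];
    strcpy(name, input);          /* no bounds check: CWE-787 */
    return strlen(name);
}

/* Hardened version: measure the input with a bounded scan before copying,
 * refuse anything that would not fit together with its NUL terminator, and
 * return -1 so the caller can log and drop the request instead of crashing
 * or corrupting the stack. Returns the number of bytes copied on success. */
int copy_checked(const char *input, char *out, size_t out_size)
{
    if (input == NULL || out == NULL || out_size == 0)
        return -1;

    /* Bounded scan: never reads more than out_size bytes of the input, so an
     * attacker-controlled string of any length is measured safely. */
    size_t len = 0;
    while (len < out_size && input[len] != '\0')
        len++;

    if (len >= out_size)          /* no room for the NUL terminator */
        return -1;

    memcpy(out, input, len + 1);  /* copies exactly len bytes plus NUL */
    return (int)len;
}

/* Build an oversized input of the shape the advisory describes: n-1 bytes of
 * filler plus a terminator. Used only to show the bounded copy rejecting it. */
void fill_oversized(char *buf, size_t n)
{
    memset(buf, 'A', n - 1);
    buf[n - 1] = '\0';
}

int main(void)
{
    char out[NAME_BUF_SIZE];
    char oversized[1201];         /* 1200 bytes of filler, as in the advisory */
    fill_oversized(oversized, sizeof oversized);

    printf("short input accepted: %d bytes copied\n",
           copy_checked("bochs", out, sizeof out));
    printf("1200-byte input rejected: %d\n",
           copy_checked(oversized, out, sizeof out));
    return 0;
}
```

The important property of `copy_checked` is that the length check happens before any write and that the scan itself is bounded by the destination size, so neither the measurement nor the copy can be driven past the buffer by a long input. A rejected input is a signal worth logging: a 1200-byte string arriving where a short name is expected is exactly the kind of event a detection rule for this class of bug should flag.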
Risk and Exploitability
The CVSS score of 9.3 marks this issue as critical. However, the EPSS score of less than 1% indicates a very low likelihood of current exploitation in the wild, and the vulnerability is not included in CISA's KEV catalog. The attack vector is inferred to be remote or local depending on how the emulator receives input: if the Bochs process is exposed to network traffic or processes untrusted files, an attacker could deliver the malicious payload. The exploit requires only the ability to supply a crafted string to Bochs, so the risk is highest in environments where the emulator runs with elevated privileges.
OpenCVE Enrichment