CVE-2018-25293

MEDIUM

Prime95 29.4b7 Denial of Service via Proxy Password Field

Title source: cna

Description

Prime95 29.4b7 contains a buffer overflow vulnerability in the PrimeNet connection dialog that allows local attackers to crash the application by supplying an excessively long string in the optional proxy password field. Attackers can trigger a denial of service by entering a 6000-byte payload into the proxy password parameter, causing the application to crash when processing the connection settings.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Gionathan Reale · pythondoswindows_x86

https://www.exploit-db.com/exploits/45226

View Code ZIP pw:eip

References (4)

[Exploit] https://www.exploit-db.com/exploits/45226

[Product] http://www.mersenne.org

[Product] http://www.mersenne.org/ftp_root/gimps/p95v294b7.win32.zip

[Third Party Advisory] https://www.vulncheck.com/advisories/prime95-29-4b7-denial-of-service-via-proxy-password-field

Scores

CVSS v3 6.2

EPSS 0.0001

EPSS Percentile 1.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-120

Status published

Products (1)

Mersenne/Prime95 29.4b7

Published Apr 26, 2026

Tracked Since Apr 26, 2026