CVE-2018-25293

medium

Description

Prime95 29.4b7 contains a buffer overflow vulnerability in the PrimeNet connection dialog that allows local attackers to crash the application by supplying an excessively long string in the optional proxy password field. Attackers can trigger a denial of service by entering a 6000-byte payload into the proxy password parameter, causing the application to crash when processing the connection settings.

References

https://www.vulncheck.com/advisories/prime95-29-4b7-denial-of-service-via-proxy-password-field

https://www.exploit-db.com/exploits/45226

http://www.mersenne.org/ftp_root/gimps/p95v294b7.win32.zip

http://www.mersenne.org

Details

Source: Mitre, NVD

Published: 2026-04-26

Updated: 2026-04-27

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 6.2

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

CVSS v4

Base Score: 6.9

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00012