CVE-2022-30055

9.8 CRITICAL

📋 TL;DR

CVE-2022-30055 is a buffer overflow vulnerability in Prime95 version 30.7 build 9 that allows remote attackers to execute arbitrary code on affected systems. This affects users running vulnerable versions of Prime95, particularly those using it for distributed computing or benchmarking purposes. The vulnerability stems from improper bounds checking in buffer operations.

💻 Affected Systems

Products:
  • Prime95
Versions: 30.7 build 9
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of the affected version are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with full system compromise, allowing attackers to install malware, steal data, or pivot to other systems.

🟠 Likely Case: System compromise leading to data theft, cryptocurrency mining, or botnet enrollment.

🟢 If Mitigated: Limited impact if proper network segmentation and least privilege principles are applied.

🌐 Internet-Facing: HIGH - Prime95 is often used in distributed computing projects that may be internet-accessible.
🏢 Internal Only: MEDIUM - Internal systems running Prime95 could be compromised through lateral movement.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 30.8 or later

Vendor Advisory: https://www.mersenne.org/download/

Restart Required: Yes

Instructions:

1. Download Prime95 version 30.8 or later from the official website.
2. Stop the Prime95 service/process.
3. Install the updated version.
4. Restart the Prime95 service/process.

🔧 Temporary Workarounds

Network Isolation

all

Block network access to Prime95 ports and services

Linux:
iptables -A INPUT -p tcp --dport [Prime95_port] -j DROP

Windows:
netsh advfirewall firewall add rule name="Block Prime95" dir=in action=block program="C:\path\to\prime95.exe"

Service Disablement

all

Temporarily disable Prime95 service until patching

Linux:
systemctl stop prime95

Windows:
sc stop Prime95

🧯 If You Can't Patch

  • Remove Prime95 from affected systems entirely
  • Implement strict network segmentation to isolate Prime95 systems

🔍 How to Verify

Check if Vulnerable:

Check the Prime95 version by running the executable with the --version flag or by checking the About dialog.

Check Version:

prime95 --version (Linux) or check Help > About in GUI (Windows)

Verify Fix Applied:

Verify installed version is 30.8 or later using the same method

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from Prime95 executable
  • Network connections from Prime95 to unexpected destinations
  • Crash logs from Prime95

Network Indicators:

  • Unexpected network traffic on Prime95 default ports
  • Suspicious payloads in network traffic to Prime95

SIEM Query:

process_name:"prime95.exe" AND (event_type:"process_creation" OR event_type:"network_connection")
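
The query above matches every Prime95 process start and connection, so the following triage filter narrows results to the three log indicators listed (an added example, not part of the original advisory). The `parent_name` and `dest_host` fields, the `crash` event type, the destination allowlist and all sample events are assumptions constructed for illustration.

```python
# Added example: triage events against the page's Prime95 log indicators.
# Assumed schema: event_type, process_name, parent_name, dest_host.
PRIME95_NAMES = {"prime95.exe", "prime95"}
# Assumption: only the vendor domain named on the page is an expected destination.
ALLOWED_DEST_SUFFIXES = ("mersenne.org",)


def _is_prime95(name):
    return (name or "").lower() in PRIME95_NAMES


def _dest_allowed(host):
    # Match the domain itself or a true subdomain, never a look-alike prefix.
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in ALLOWED_DEST_SUFFIXES)


def triage(events):
    """Return (reason, event) pairs for events matching a log indicator."""
    findings = []
    for ev in events:
        etype = ev.get("event_type")
        if etype == "process_creation" and _is_prime95(ev.get("parent_name")):
            findings.append(("child process spawned by Prime95", ev))
        elif etype == "network_connection" and _is_prime95(ev.get("process_name")):
            if not _dest_allowed(ev.get("dest_host")):
                findings.append(("connection to unexpected destination", ev))
        elif etype == "crash" and _is_prime95(ev.get("process_name")):
            findings.append(("Prime95 crash", ev))
    return findings


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"event_type": "process_creation", "process_name": "prime95.exe", "parent_name": "explorer.exe"},
    {"event_type": "network_connection", "process_name": "prime95.exe", "dest_host": "www.mersenne.org"},
    {"event_type": "process_creation", "process_name": "cmd.exe", "parent_name": "Prime95.exe"},
    {"event_type": "network_connection", "process_name": "prime95.exe", "dest_host": "203.0.113.50"},
    {"event_type": "network_connection", "process_name": "prime95.exe", "dest_host": "mersenne.org.example.net"},
    {"event_type": "crash", "process_name": "prime95.exe"},
]

if __name__ == "__main__":
    for reason, ev in triage(SAMPLE_EVENTS):
        print(f"{reason}: {ev}")
```
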
