CVE-2018-25426
Analyzed - Analysis Complete
WinMTR 0.91 Buffer Overflow Denial of Service

Publication date: 2026-05-30

Last updated on: 2026-06-03

Assigner: VulnCheck

Description
WinMTR 0.91 contains a denial of service vulnerability that allows attackers to crash the application by sending a malformed payload file containing a large buffer of repeated characters. Attackers can create a specially crafted input file with 238 bytes of data to trigger a buffer overflow condition that causes the application to crash.

Meta Information
Published: 2026-05-30
Last Modified: 2026-06-03
Generated: 2026-06-19
AI Q&A: 2026-05-30
EPSS Evaluated: 2026-06-18

Affected Vendors & Products
Showing 1 associated CPE
Vendor: winmtr
Product: winmtr
Version / Range: 0.91

CWE ID: CWE-120
Description: The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Executive Summary

WinMTR version 0.91 contains a denial of service vulnerability caused by a buffer overflow. Attackers can create a specially crafted input file containing a 238-byte buffer of repeated characters that triggers this overflow. When WinMTR processes this malformed payload file, the buffer overflow causes the application to crash.

Impact Analysis

This vulnerability can cause WinMTR to crash unexpectedly when processing a maliciously crafted input file. This denial of service (DoS) condition disrupts the normal operation of the application, potentially preventing users from performing network diagnostics and troubleshooting.

Detection Guidance

This vulnerability can be detected by observing if WinMTR 0.91 crashes when processing input files. Specifically, a malformed payload file containing a 238-byte buffer of repeated characters (such as the letter 'A') triggers the buffer overflow causing the crash.

To detect the vulnerability, you can attempt to reproduce the crash by creating a test file with 238 repeated characters and loading it into WinMTR 0.91. For example, create a file named "exp.txt" containing 238 'A' characters and then open it with WinMTR to see if the application crashes.

  • On the Windows command line, create the payload file with: powershell -Command "'A' * 238 | Out-File -Encoding ascii exp.txt"
  • Then open WinMTR 0.91 and load the "exp.txt" file to check whether the application crashes, which indicates the presence of the vulnerability.

Mitigation Strategies

The immediate mitigation step is to avoid using WinMTR version 0.91 or earlier versions that are vulnerable to this buffer overflow denial of service.

If you must use WinMTR, do not open or process any untrusted or malformed input files that could contain the specially crafted 238-byte payload designed to crash the application.

Additionally, consider upgrading to a later version of WinMTR if available, or use alternative network diagnostic tools that are not affected by this vulnerability.

Compliance Impact

The provided information does not include any details on how the WinMTR 0.91 denial of service vulnerability (CVE-2018-25426) impacts compliance with common standards and regulations such as GDPR or HIPAA.
