Description
Snes9K 0.0.9z contains a buffer overflow vulnerability in the Netplay Socket Port Number field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Attackers can craft a malicious payload and paste it into the Socket Port Number field via the Netplay Options menu to achieve code execution through SEH chain exploitation.
Published: 2026-04-04
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Local code execution via SEH overwrite
Action: Immediate Patch
AI Analysis

Impact

Snes9K 0.0.9z contains a buffer overflow in the Netplay Socket Port Number field. A local attacker can enter a crafted payload through the Netplay Options menu, overwriting a structured exception handler and gaining arbitrary code execution on the system. The flaw directly compromises the confidentiality, integrity, and availability of the host where the emulator runs.

Affected Systems

The vulnerability affects the Sourceforge Snes9K emulator version 0.0.9z. No other versions or products are listed as affected.

Risk and Exploitability

With a CVSS score of 8.6, the flaw is considered high severity. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, suggesting limited known exploitation but still posing a significant risk. The exploit requires local access to the machine running Snes9K and the attacker must launch the Netplay Options dialog to inject the overflow. Because it achieves code execution through SEH chain exploitation, a determined adversary could gain full control of the targeted system.

Generated by OpenCVE AI on April 4, 2026 at 17:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a patched or newer release of Snes9K if one exists.
  • If no patch is available, avoid enabling the Netplay feature or uninstall Snes9K.
  • Check the vendor’s website or Sourceforge page for updates or advisories.
  • Restrict local user privileges and apply standard software hardening practices.

Generated by OpenCVE AI on April 4, 2026 at 17:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
First Time appeared Sourceforge
Sourceforge snes9k 0.0.9z
Vendors & Products Sourceforge
Sourceforge snes9k 0.0.9z

Mon, 06 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Sat, 04 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description Snes9K 0.0.9z contains a buffer overflow vulnerability in the Netplay Socket Port Number field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Attackers can craft a malicious payload and paste it into the Socket Port Number field via the Netplay Options menu to achieve code execution through SEH chain exploitation.
Title Snes9K 0.0.9z Buffer Overflow SEH via Netplay Socket
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Sourceforge Snes9k 0.0.9z
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-06T18:02:54.033Z

Reserved: 2026-04-04T13:27:41.226Z

Link: CVE-2018-25251

cve-icon Vulnrichment

Updated: 2026-04-06T17:59:38.024Z

cve-icon NVD

Status : Deferred

Published: 2026-04-04T14:16:21.203

Modified: 2026-04-16T16:15:56.380

Link: CVE-2018-25251

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-06T21:57:36Z

Weaknesses