216.73.217.98

CVE-2016-20047

· Published 28/03/2026 12:16 · Modified 28/03/2026 12:16

Labels: CVE-2016-20047 2026-03-28CVE-2016-20047CWE-787[email protected]

Essential information

Published
28/03/2026 12:16
Modified
28/03/2026 12:16
Author
Creator
CVSS
8.6 HIGH (v3) 8.6 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

EKG Gadu 1.9~pre+r2855-3+b1 contains a local buffer overflow vulnerability in the username handling that allows local attackers to execute arbitrary code by supplying an oversized username string. Attackers can trigger the overflow in the strlcpy function by passing a crafted buffer exceeding 258 bytes to overwrite the instruction pointer and execute shellcode with user privileges.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
ekg / gadu cpe:2.3:a:ekg:gadu:1.9~pre+r2855:*:*:*:*:*:*:*

References