Cyber Posture

CVE-2016-20038

High · Public PoC

Published: 28 March 2026
Modified: 01 May 2026
KEV Added
Patch
CVSS Score: 8.4 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (0.5th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2016-20038 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Han (inferred from references). Its CVSS base score is 8.4 (High).

Operationally, it is ranked at the 0.5th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent

Directly mandates identifying, reporting, and correcting the stack-based buffer overflow flaw in yTree to eliminate the vulnerability.

prevent

Implements memory safeguards like ASLR, stack canaries, and non-executable stacks to block arbitrary code execution from stack overflows.

prevent

Requires validating command-line arguments at entry points to reject excessively long inputs that trigger the buffer overflow.
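
The input-validation control described above, as an added example (it is not yTree's code and not taken from the referenced advisories): command-line arguments are length-checked at the entry point and copied into a fixed buffer only if they fit. The 256-byte buffer size and the helper names `copy_arg_checked` and `first_oversize_arg` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size for the example; yTree's real buffer size is not given on this page. */
#define PATH_BUF_SIZE 256

enum arg_status { ARG_OK = 0, ARG_TOO_LONG = -1, ARG_INVALID = -2 };

/* Hypothetical helper: copy src into dst only if it fits including the NUL.
 * Oversize input is rejected, not truncated, and dst is left as "". */
enum arg_status copy_arg_checked(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || dst_size == 0)
        return ARG_INVALID;
    dst[0] = '\0';
    if (src == NULL)
        return ARG_INVALID;
    /* Look for the terminator within dst_size bytes; never scans further. */
    const char *nul = memchr(src, '\0', dst_size);
    if (nul == NULL)
        return ARG_TOO_LONG;
    memcpy(dst, src, (size_t)(nul - src) + 1);
    return ARG_OK;
}

/* Hypothetical entry-point check: index of the first argument that would not
 * fit in a max_size-byte buffer, or 0 if every argument fits. */
int first_oversize_arg(int argc, char *const argv[], size_t max_size)
{
    for (int i = 1; i < argc; i++)
        if (argv[i] == NULL || memchr(argv[i], '\0', max_size) == NULL)
            return i;
    return 0;
}

int main(int argc, char *argv[])
{
    char path[PATH_BUF_SIZE];
    int bad = first_oversize_arg(argc, argv, sizeof path);
    if (bad != 0) {
        fprintf(stderr, "argument %d is longer than %zu bytes; refusing to start\n",
                bad, sizeof path - 1);
        return 2;
    }
    if (argc > 1 && copy_arg_checked(path, sizeof path, argv[1]) == ARG_OK)
        printf("start path: %s\n", path);
    return 0;
}
```

Rejecting the argument outright, instead of silently truncating it, keeps the program from operating on a path the user did not supply.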

NVD Description

yTree 1.94-1.1 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an excessively long argument to the application. Attackers can craft a malicious command-line argument containing shellcode and a return address to overwrite the stack and execute code in the application context.

Deeper analysis

CVE-2016-20038 is a stack-based buffer overflow vulnerability (CWE-787) affecting yTree version 1.94-1.1. The flaw occurs when the application processes an excessively long command-line argument, allowing attackers to overwrite the stack with shellcode and a return address, thereby enabling arbitrary code execution in the application's context. This issue was published on 2026-03-28 and carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Local attackers with access to the system can exploit this vulnerability without requiring privileges (PR:N), user interaction (UI:N), or high complexity (AC:L). By crafting a malicious command-line argument, they can achieve arbitrary code execution within the yTree process, potentially leading to high impacts on confidentiality, integrity, and availability.

References include the official yTree website at http://www.han.de/~werner/ytree.html, an Exploit-DB entry (https://www.exploit-db.com/exploits/39406) providing a proof-of-concept exploit, and a VulnCheck advisory (https://www.vulncheck.com/advisories/ytree-stack-based-buffer-overflow) detailing the stack-based buffer overflow. Specific mitigation or patch details are not outlined in the provided information.

Details

CWE(s)

Affected Products

Han
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2025-20890 (Shared CWE-787)
CVE-2019-25681 (Shared CWE-787)
CVE-2026-23715 (Shared CWE-787)
CVE-2025-21161 (Shared CWE-787)
CVE-2026-21327 (Shared CWE-787)
CVE-2025-21042 (Shared CWE-787)
CVE-2026-3094 (Shared CWE-787)
CVE-2026-27703 (Shared CWE-787)
CVE-2026-31698 (Shared CWE-787)
CVE-2025-20888 (Shared CWE-787)
