CVE-2016-20043
Published: 28 March 2026
Summary
CVE-2016-20043 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Nrss Nrss. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks at the 10.3rd percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2016-20043 is a stack buffer overflow vulnerability affecting NRSS RSS Reader version 0.3.9-1. The issue arises when an oversized argument is supplied to the -F parameter, enabling local attackers to execute arbitrary code. Specifically, attackers can craft malicious input consisting of 256 bytes of padding followed by a controlled EIP value to overwrite the return address and hijack execution flow.
Local unprivileged attackers can exploit this vulnerability with low complexity and no user interaction (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, score 8.4), achieving full arbitrary code execution on the target system. The impact on confidentiality, integrity, and availability is high, and the weakness is mapped to CWE-787 (Out-of-bounds Write).
Advisories, including one from VulnCheck, document the stack buffer overflow in NRSS RSS Reader. A proof-of-concept exploit is publicly available on Exploit-DB (ID 39810). The project homepage is hosted at codezen.org/nrss, but no patches or specific mitigation steps are detailed in the CVE information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2016-10841
Vulnerability details
NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -F parameter. Attackers can craft a malicious input with 256 bytes of padding followed by a controlled EIP value to overwrite the return address and achieve code execution.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Local stack buffer overflow in client RSS reader application directly enables arbitrary code execution via return address overwrite (T1203: Exploitation for Client Execution).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Implements memory protections such as non-executable stacks, ASLR, and stack canaries to prevent exploitation of stack buffer overflows via return address overwrite.
Requires validation of command-line inputs like the -F parameter to reject oversized arguments that trigger the buffer overflow.
Mandates timely identification, reporting, and remediation of flaws such as this stack buffer overflow in NRSS RSS Reader, via patching or removal.
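One way to apply the input-validation control to a -F style argument, shown as an added example that is not NRSS code. The buffer capacity FEED_PATH_MAX and all function names are assumptions, since the page does not show the program's source.

```c
#include <stdio.h>
#include <string.h>
/* Assumption: capacity of the fixed buffer that receives the -F value. The
 * page gives only the 256-byte padding figure, not NRSS's own declaration. */
#define FEED_PATH_MAX 256

enum arg_status { ARG_OK = 0, ARG_MISSING = -1, ARG_TOO_LONG = -2 };

/* Copy src into dst only if it fits with its terminating NUL. Oversized input
 * is rejected, not truncated; the scan reads at most dstsz bytes of src. */
static int copy_arg_checked(char *dst, size_t dstsz, const char *src)
{
    size_t n = 0;
    if (dst == NULL || dstsz == 0 || src == NULL || src[0] == '\0')
        return ARG_MISSING;
    while (n < dstsz && src[n] != '\0')
        n++;
    if (n == dstsz)
        return ARG_TOO_LONG;
    memcpy(dst, src, n + 1);
    return ARG_OK;
}

/* Hypothetical option loop: find -F and validate the value that follows it. */
static int parse_feed_option(int argc, char *const argv[], char *out, size_t outsz)
{
    for (int i = 1; i + 1 < argc; i++)
        if (strcmp(argv[i], "-F") == 0)
            return copy_arg_checked(out, outsz, argv[i + 1]);
    return ARG_MISSING;
}

/* Constructed sample input: an n-byte -F value of 'A's; returns the verdict. */
int verdict_for_length(size_t n)
{
    static char value[1024];
    char out[FEED_PATH_MAX];
    char *argv[] = { "nrss", "-F", value, NULL };
    if (n >= sizeof value) return ARG_TOO_LONG;
    memset(value, 'A', n);
    value[n] = '\0';
    return parse_feed_option(3, argv, out, sizeof out);
}

int main(void)
{
    printf("255 -> %d, 256 -> %d\n", verdict_for_length(255), verdict_for_length(256));
    return 0;
}
```

Rejecting the argument outright, instead of truncating it, keeps the program from opening a path the user never supplied. The memory protections listed above remain the backstop for any copy that is missed.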