Cyber Resilience

CVE-2016-20044

High · Public PoC

Published: 28 March 2026
Modified: 10 April 2026
KEV Added
Patch
CVSS Score v4: 8.6 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0024 (15.0th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2016-20044 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Surf Pinfo. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 15.0th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2016-20044 is a local buffer overflow vulnerability in PInfo version 0.6.9-5.1, a pager utility similar to less or more, commonly used in Debian-based systems. The flaw occurs when an oversized argument is supplied to the -m parameter, leading to a buffer overflow that overwrites the instruction pointer. This CWE-787 (Out-of-bounds Write) issue has a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high impact on confidentiality, integrity, and availability.

Local attackers with access to the system can exploit this vulnerability without requiring privileges (PR:N). By crafting a malicious input string consisting of 564 bytes of padding followed by a controlled return address, they can overwrite the instruction pointer and execute arbitrary shellcode with the privileges of the user running PInfo. This enables full code execution in the context of the affected process.

Advisories and references highlight the issue but do not detail specific patches in the provided information. The VulnCheck advisory (https://www.vulncheck.com/advisories/pinfo-local-buffer-overflow-via-m-parameter) describes the buffer overflow via the -m parameter, while Exploit-DB (https://www.exploit-db.com/exploits/40023) provides a public exploit. The official PInfo site (http://pinfo.alioth.debian.org/) serves as a reference for the affected software.

A proof-of-concept exploit is publicly available, indicating potential for real-world exploitation on unpatched systems running the vulnerable version. The CVE was published on 2026-03-28 despite the 2016 identifier.
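The oversized -m argument described above is visible in process-execution telemetry. The following detection sketch is an added example, not code from the advisory or the PInfo project; the JSON event format, its field names, the sample events and the 256-byte threshold are all assumptions made for illustration.

```python
import json
import os

# Assumption: longest -m value treated as normal. The page gives no buffer
# size, only that 564 bytes of padding are used; tune per environment.
MAX_M_ARG_LEN = 256

def m_values(argv):
    """Return every value passed to -m, written as '-m VALUE' or '-mVALUE'."""
    values, args, i = [], argv[1:], 0
    while i < len(args):
        arg = args[i]
        if arg == "--":                  # end of options: the rest are operands
            break
        if arg == "-m":                  # value is the next argument, if any
            if i + 1 < len(args):
                values.append(args[i + 1])
            i += 2
            continue
        if arg.startswith("-m"):         # value attached to the option
            values.append(arg[2:])
        i += 1
    return values

def oversized_pinfo_execs(events, max_len=MAX_M_ARG_LEN):
    """Return (pid, byte_length) for pinfo executions with an oversized -m value."""
    hits = []
    for line in events:
        try:
            ev = json.loads(line)
            argv = ev["argv"]
        except (ValueError, KeyError, TypeError):
            continue                     # skip malformed records
        if not (isinstance(argv, list) and argv
                and all(isinstance(a, str) for a in argv)):
            continue
        if os.path.basename(argv[0]) != "pinfo":
            continue
        for value in m_values(argv):
            size = len(value.encode("utf-8", "surrogateescape"))
            if size > max_len:
                hits.append((ev.get("pid"), size))
    return hits

# Constructed sample events (hypothetical format, one JSON object per exec).
SAMPLE_EVENTS = [
    json.dumps({"pid": 4101, "argv": ["/usr/bin/pinfo", "-m", "ls"]}),
    json.dumps({"pid": 4102, "argv": ["pinfo", "-m", "A" * 600]}),
    json.dumps({"pid": 4103, "argv": ["pinfo", "-m" + "B" * 300]}),
    json.dumps({"pid": 4104, "argv": ["less", "-m", "C" * 600]}),
    "not json",
]
```

Calling `oversized_pinfo_execs(SAMPLE_EVENTS)` flags only the two pinfo executions whose -m value exceeds the threshold; the `less` invocation and the malformed record are ignored.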

EU & UK References

Vulnerability details

PInfo 0.6.9-5.1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -m parameter. Attackers can craft a malicious input string with 564 bytes of padding followed by a return address to overwrite the instruction pointer and execute shellcode with user privileges.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

A local buffer overflow enables arbitrary code execution in the context of the PInfo process, a primitive classically used for local privilege escalation from unprivileged access.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-23326 (Shared CWE-787)
CVE-2024-43077 (Shared CWE-787)
CVE-2024-53697 (Shared CWE-787)
CVE-2025-20890 (Shared CWE-787)
CVE-2026-23073 (Shared CWE-787)
CVE-2025-20708 (Shared CWE-787)
CVE-2025-1471 (Shared CWE-787)
CVE-2024-35273 (Shared CWE-787)
CVE-2022-49062 (Shared CWE-787)
CVE-2025-26519 (Shared CWE-787)

Affected Assets

surf pinfo ≤ 0.6.9-5.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Flaw remediation directly mitigates this buffer overflow by identifying, prioritizing, and applying patches or updates to the vulnerable PInfo version.

prevent

Memory protection mechanisms like stack canaries, ASLR, and non-executable stacks prevent successful exploitation of the buffer overflow by blocking control-flow hijacking.

prevent

Information input validation enforces bounds checking on the -m parameter to prevent oversized inputs from causing the out-of-bounds write.

References