CVE-2016-20044
Published: 28 March 2026
Summary
CVE-2016-20044 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Surf Pinfo. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 15.0th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2016-20044 is a local buffer overflow vulnerability in PInfo version 0.6.9-5.1, a pager utility similar to less or more, commonly used in Debian-based systems. The flaw occurs when an oversized argument is supplied to the -m parameter, leading to a buffer overflow that overwrites the instruction pointer. This CWE-787 (Out-of-bounds Write) issue has a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high impact on confidentiality, integrity, and availability.
Local attackers with access to the system can exploit this vulnerability without requiring privileges (PR:N). By crafting a malicious input string consisting of 564 bytes of padding followed by a controlled return address, they can overwrite the instruction pointer and execute arbitrary shellcode with the privileges of the user running PInfo. This enables full code execution in the context of the affected process.
Advisories and references document the issue but do not identify a specific patch. The VulnCheck advisory (https://www.vulncheck.com/advisories/pinfo-local-buffer-overflow-via-m-parameter) describes the buffer overflow via the -m parameter, while Exploit-DB (https://www.exploit-db.com/exploits/40023) hosts a public exploit. The official PInfo site (http://pinfo.alioth.debian.org/) serves as the reference for the affected software.
A proof-of-concept exploit is publicly available, indicating potential for real-world exploitation on unpatched systems running the vulnerable version. The CVE was published on 2026-03-28 despite the 2016 identifier.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2016-10843
Vulnerability details
PInfo 0.6.9-5.1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -m parameter. Attackers can craft a malicious input string with 564 bytes of padding followed by a return address to overwrite the instruction pointer and execute shellcode with user privileges.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A local buffer overflow enables arbitrary code execution in the context of the PInfo process, a primitive classically used for local privilege escalation starting from unprivileged access.
Mitigating Controls (NIST 800-53 r5)
- Flaw remediation directly mitigates this buffer overflow by identifying, prioritizing, and applying patches or updates to the vulnerable PInfo version.
- Memory protection mechanisms such as stack canaries, ASLR, and non-executable stacks prevent successful exploitation of the buffer overflow by blocking control-flow hijacking.
- Information input validation enforces bounds checking on the -m parameter to prevent oversized inputs from causing the out-of-bounds write.
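The deeper analysis above describes the flaw as an oversized -m argument overwriting a fixed buffer, and the last control above names bounds checking as the fix. The following C program is an added illustration written for this page; it is not pinfo's source code, and the 256-byte buffer size (MANPATH_MAX), the option-walking loop and the sample argv values are all assumptions constructed for the example. It places the CWE-787 pattern (an unbounded strcpy from argv into a stack buffer) next to a hardened version that measures the argument and rejects anything that cannot fit with its terminator, and it exercises the boundary with constructed arguments of 255, 256 and 600 bytes.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical size of the fixed stack buffer that receives the -m value.
 * This is an assumption for the illustration; the page does not state the
 * real buffer size used by pinfo. */
#define MANPATH_MAX 256

/* Result codes returned by the option-handling functions below. */
enum { OPT_OK = 0, OPT_TOO_LONG = -1, OPT_MISSING = -2 };

/* The CWE-787 pattern in its simplest form: an unbounded copy of
 * caller-controlled argv data into a fixed-size buffer. Shown for
 * contrast only; nothing in this file calls it. */
void copy_m_unchecked(char dst[MANPATH_MAX], const char *src)
{
    strcpy(dst, src); /* writes past dst when strlen(src) >= MANPATH_MAX */
}

/* Hardened version (SI-10 style input validation): measure first, reject
 * anything that does not fit including its NUL terminator, then copy.
 * Rejecting is preferable to silently truncating, which could turn a
 * requested path into a different, unintended one. */
int copy_m_checked(char dst[MANPATH_MAX], const char *src)
{
    size_t len = strlen(src);
    if (len >= MANPATH_MAX)
        return OPT_TOO_LONG;
    memcpy(dst, src, len + 1); /* len + 1 <= MANPATH_MAX, so this stays in bounds */
    return OPT_OK;
}

/* Minimal argv walker that accepts both "-m VALUE" and "-mVALUE" and
 * stores the value through the bounds-checked copy. */
int parse_m_option(int argc, char **argv, char dst[MANPATH_MAX])
{
    for (int i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-m") == 0) {
            if (i + 1 >= argc)
                return OPT_MISSING; /* "-m" given without a value */
            return copy_m_checked(dst, argv[i + 1]);
        }
        if (strncmp(argv[i], "-m", 2) == 0)
            return copy_m_checked(dst, argv[i] + 2);
    }
    return OPT_MISSING;
}

/* Builds a constructed "-m" argument of n 'A' bytes and reports how the
 * parser treats it, so the size boundary can be checked offline. */
int result_for_arg_len(size_t n)
{
    char buf[MANPATH_MAX];
    char *arg = malloc(n + 1);
    if (arg == NULL)
        return OPT_MISSING;
    memset(arg, 'A', n);
    arg[n] = '\0';
    char *argv[] = { "pinfo", "-m", arg, NULL };
    int rc = parse_m_option(3, argv, buf);
    free(arg);
    return rc;
}

int main(void)
{
    char buf[MANPATH_MAX];
    char *argv[] = { "pinfo", "-m", "/usr/share/man", NULL }; /* constructed sample */

    if (parse_m_option(3, argv, buf) == OPT_OK)
        printf("accepted -m value: %s\n", buf);

    /* 255 bytes plus NUL fits exactly; 256 or more must be refused. */
    printf("255 bytes -> %d, 256 bytes -> %d, 600 bytes -> %d\n",
           result_for_arg_len(255), result_for_arg_len(256),
           result_for_arg_len(600));
    return 0;
}
```

The check in copy_m_checked is the whole of the SI-10 control for this input: the length is established before any byte is written, and the comparison uses >= so that the terminator is counted. Compiler and loader mitigations (stack canaries, ASLR, non-executable stack) belong alongside it rather than instead of it, since they act only after the out-of-bounds write has already happened.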