CVE-2016-20047
Published: 28 March 2026
Summary
CVE-2016-20047 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in EKG Gadu (the vendor name "Chmurka" is inferred from the project's ekg.chmurka.net reference, not from a vendor statement). Its CVSS 3.1 base score is 8.4 (High), which is what the vector quoted below evaluates to.
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 4.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2016-20047 is a local buffer overflow (CWE-787) in EKG Gadu version 1.9~pre+r2855-3+b1, in its username handling. The overflow occurs at a strlcpy call that copies the username: a username string longer than 258 bytes runs past the destination buffer and overwrites the saved instruction pointer, so the attacker controls where execution resumes and can divert it to shellcode. Note that strlcpy bounds its copy only by the size argument it is given, so an overflow through strlcpy means the bound passed at that call site does not match the real size of the destination buffer.
Local attackers can exploit this with low complexity and no privileges, per the CVSS 3.1 vector AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (score 8.4). Supplying a crafted, oversized buffer as the username triggers the overflow and yields arbitrary code execution with the privileges of the user running EKG. Because the code runs as that user, this is a privilege escalation only when the EKG process has more privilege than the party supplying the username (for example a setuid install or another user's session); otherwise it is local code execution in the attacker's own context.
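The mechanism the advisory describes, as an added example written for this page and not code from the EKG project: a 258-byte username field with 8 bytes after it standing in for the saved return address, a strlcpy call whose bound is (hypothetically) taken from the source string so it never truncates, and beside it the destination-bounded, length-checked form that the SI-10 input-validation control calls for. The frame layout, the my_strlcpy helper, the RETADDR! marker, the 'A'-filled payload and every function name are assumptions; the real EKG stack frame and the exact defect in its strlcpy call are not known from the advisory.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout, for illustration only: the advisory's 258-byte username
 * buffer, followed by 8 bytes standing in for the saved return address that
 * sits after a local buffer on a real stack frame. Keeping both inside one
 * flat array lets the overflow be observed without undefined behaviour;
 * the real EKG frame layout is not known from the advisory. */
#define USERNAME_MAX  258
#define SAVED_RET_LEN 8
#define FRAME_LEN     (USERNAME_MAX + SAVED_RET_LEN)
#define RET_MARKER    "RETADDR!"   /* 8 bytes, stands in for the saved EIP/RIP */

typedef struct {
    char mem[FRAME_LEN];   /* mem[0..257] username, mem[258..265] "saved return" */
} frame_t;

static void frame_init(frame_t *f)
{
    memset(f->mem, 0, sizeof f->mem);
    memcpy(f->mem + USERNAME_MAX, RET_MARKER, SAVED_RET_LEN);
}

/* BSD strlcpy semantics, written out so the example builds on glibc systems
 * that lack strlcpy: copy at most dsize-1 bytes, always NUL-terminate,
 * return strlen(src) so the caller can detect truncation. */
static size_t my_strlcpy(char *dst, const char *src, size_t dsize)
{
    size_t slen = strlen(src);
    if (dsize != 0) {
        size_t n = slen < dsize - 1 ? slen : dsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return slen;
}

/* Vulnerable pattern (hypothetical, not EKG's code): strlcpy only bounds the
 * copy by the size it is handed, and here that size is derived from the
 * *source*, so it never truncates and a long username runs past the
 * 258-byte field into whatever follows it. */
bool set_username_vulnerable(frame_t *f, const char *input)
{
    my_strlcpy(f->mem, input, strlen(input) + 1);   /* BUG: should be USERNAME_MAX */
    return true;
}

/* Hardened form: bound the copy by the destination and reject, rather than
 * silently truncate, any username that does not fit (the SI-10 check). */
bool set_username_checked(frame_t *f, const char *input)
{
    if (strlen(input) >= USERNAME_MAX)      /* no room for the NUL */
        return false;
    my_strlcpy(f->mem, input, USERNAME_MAX);
    return true;
}

/* True while the bytes that model the saved return address are untouched. */
bool saved_ret_intact(const frame_t *f)
{
    return memcmp(f->mem + USERNAME_MAX, RET_MARKER, SAVED_RET_LEN) == 0;
}

/* Feed a constructed username of n 'A' bytes through one of the setters and
 * report whether the modelled return address survived. n is capped at
 * FRAME_LEN-1 so the example itself never writes outside frame_t. */
bool saved_ret_survives(size_t n, bool hardened)
{
    char payload[FRAME_LEN];
    frame_t f;
    if (n > FRAME_LEN - 1)
        n = FRAME_LEN - 1;
    memset(payload, 'A', n);
    payload[n] = '\0';
    frame_init(&f);
    if (hardened)
        set_username_checked(&f, payload);
    else
        set_username_vulnerable(&f, payload);
    return saved_ret_intact(&f);
}

int main(void)
{
    size_t lens[] = { 100, 257, 262 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("username of %3zu bytes: vulnerable -> ret %s, checked -> ret %s\n",
               lens[i],
               saved_ret_survives(lens[i], false) ? "intact" : "CLOBBERED",
               saved_ret_survives(lens[i], true)  ? "intact" : "CLOBBERED");
    return 0;
}
```

Build with `cc -std=c99 -Wall example.c` and run it: a 257-byte name fits either way, and a 262-byte name clobbers the marker through the vulnerable setter while the checked setter refuses it and leaves the frame untouched. In a real process the same clobber lands on the saved return address; a stack canary or non-executable stack (the SI-16 controls) would turn that into an abort or a fault rather than shellcode execution, but only the length check removes the write.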
Advisories and additional details, including a published exploit, are available from the EKG project site at http://ekg.chmurka.net/, Exploit-DB at https://www.exploit-db.com/exploits/40392, and VulnCheck at https://www.vulncheck.com/advisories/ekg-gadu-local-buffer-overflow-via-username-parameter. No specific patches or mitigations are detailed in the provided information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2016-10849
Vulnerability details
EKG Gadu 1.9~pre+r2855-3+b1 contains a local buffer overflow in its username handling that allows local attackers to execute arbitrary code by supplying an oversized username string. Attackers trigger the overflow at the strlcpy call by passing a crafted buffer exceeding 258 bytes, which overwrites the instruction pointer and executes shellcode with the privileges of the user running EKG.
- CWE(s): CWE-787 (Out-of-bounds Write)
Related Threats
MITRE ATT&CK Enterprise Techniques: T1068 (Exploitation for Privilege Escalation)
Why these techniques?
A local buffer overflow that hands the attacker control of the instruction pointer gives direct arbitrary code execution from crafted input. ATT&CK files this under exploitation for privilege escalation; it is actual escalation only when the EKG process holds more privilege than the attacker, and otherwise it is local code execution in the attacker's own context.
Mitigating Controls (NIST 800-53 r5)
SI-10 enforces input validation at entry points to reject oversized username strings exceeding 258 bytes, directly preventing the buffer overflow trigger.
SI-16 covers memory protections such as a non-executable stack (DEP/NX), ASLR and stack canaries. These do not stop the out-of-bounds write itself; they make turning the overwritten instruction pointer into shellcode execution unreliable or fatal to the process, so they are hardening around the bug rather than a fix for it.
SI-2 requires identification, reporting, and correction of flaws like this buffer overflow vulnerability through timely patching or replacement.