CVE-2017-20228
Published: 28 March 2026
Summary
CVE-2017-20228 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Flatassembler Flat Assembler. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE is ranked at the 12.2th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
Flat Assembler 1.71.21 is affected by CVE-2017-20228, a stack-based buffer overflow vulnerability (CWE-787) that enables local attackers to execute arbitrary code. The issue arises when the application processes oversized input, specifically malicious assembly input exceeding 5895 bytes, leading to overwriting of the instruction pointer. This flaw carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high impact on confidentiality, integrity, and availability.
Local attackers with access to the system can exploit this vulnerability by crafting and supplying oversized assembly input to the Flat Assembler application. Successful exploitation allows overwriting the stack to hijack the instruction pointer and chain return-oriented programming (ROP) gadgets, ultimately achieving arbitrary code execution such as shell command invocation. No user interaction or privileges are required beyond local access, making it straightforward for unprivileged users to target the application.
Advisories and related resources, including the Flat Assembler official site (http://www.flatassembler.net), an Exploit-DB entry (https://www.exploit-db.com/exploits/42265), and a Vulncheck advisory (https://www.vulncheck.com/advisories/flat-assembler-stack-based-buffer-overflow-rop), document the vulnerability and provide exploit details, though no specific patches or mitigations are detailed in the available information.
A proof-of-concept exploit is publicly available on Exploit-DB, indicating potential for real-world local exploitation on unpatched systems running the affected version.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2017-18949
Vulnerability details
Flat Assembler 1.71.21 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input to the application. Attackers can craft malicious assembly input exceeding 5895 bytes to overwrite the instruction pointer and execute return-oriented programming chains for shell command execution.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stack buffer overflow in local client app directly enables arbitrary code execution via ROP, mapping to client exploitation and command interpreters.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly prevents stack-based buffer overflows by validating and rejecting oversized assembly inputs exceeding safe limits like 5895 bytes.
- SI-16 (Memory Protection): Implements memory protections such as DEP, ASLR, and stack canaries to block instruction pointer overwrite and ROP chain execution even if overflow occurs.
- Flaw remediation: Requires timely remediation of known flaws like CVE-2017-20228 through patching or replacement of vulnerable Flat Assembler versions.