
CVE-2017-20228

High · Public PoC

Published: 28 March 2026

Modified: 02 April 2026
CVSS Score (v4): 8.6
CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0022 (12.2th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2017-20228 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Flatassembler Flat Assembler. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). By exploit likelihood it ranks at the 12.2th percentile, which is below the median. It is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

Flat Assembler 1.71.21 is affected by CVE-2017-20228, a stack-based buffer overflow vulnerability (CWE-787) that enables local attackers to execute arbitrary code. The issue arises when the application processes oversized input, specifically malicious assembly input exceeding 5895 bytes, leading to overwriting of the instruction pointer. This flaw carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high impact on confidentiality, integrity, and availability.

Local attackers with access to the system can exploit this vulnerability by crafting and supplying oversized assembly input to the Flat Assembler application. Successful exploitation allows overwriting the stack to hijack the instruction pointer and chain return-oriented programming (ROP) gadgets, ultimately achieving arbitrary code execution such as shell command invocation. No user interaction or privileges are required beyond local access, making it straightforward for unprivileged users to target the application.

Advisories and related resources, including the Flat Assembler official site (http://www.flatassembler.net), an Exploit-DB entry (https://www.exploit-db.com/exploits/42265), and a Vulncheck advisory (https://www.vulncheck.com/advisories/flat-assembler-stack-based-buffer-overflow-rop), document the vulnerability and provide exploit details, though no specific patches or mitigations are detailed in the available information.

A proof-of-concept exploit is publicly available on Exploit-DB, indicating potential for real-world local exploitation on unpatched systems running the affected version.

EU & UK References

Vulnerability details

Flat Assembler 1.71.21 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input to the application. Attackers can craft malicious assembly input exceeding 5895 bytes to overwrite the instruction pointer and execute return-oriented programming chains for shell command execution.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.

T1059 Command and Scripting Interpreter (tactic: Execution)
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

Why these techniques?

A stack buffer overflow in a local client application directly enables arbitrary code execution via ROP, which maps to client exploitation and command interpreters.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2019-25705 · Shared CWE-787
CVE-2019-25633 · Shared CWE-787
CVE-2026-0538 · Shared CWE-787
CVE-2016-20046 · Shared CWE-787
CVE-2019-25628 · Shared CWE-787
CVE-2019-25695 · Shared CWE-787
CVE-2018-25218 · Shared CWE-787
CVE-2026-42484 · Shared CWE-787
CVE-2019-25612 · Shared CWE-787
CVE-2025-43300 · Shared CWE-787

Affected Assets

flatassembler / flat assembler, versions ≤ 1.71.21

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents stack-based buffer overflows by validating and rejecting oversized assembly inputs exceeding safe limits like 5895 bytes.

prevent

Implements memory protections such as DEP, ASLR, and stack canaries to block instruction pointer overwrite and ROP chain execution even if overflow occurs.

prevent

Requires timely remediation of known flaws like CVE-2017-20228 through patching or replacement of vulnerable Flat Assembler versions.

References