CVE-2016-20038

NameCVE-2016-20038
DescriptionyTree 1.94-1.1 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an excessively long argument to the application. Attackers can craft a malicious command-line argument containing shellcode and a return address to overwrite the stack and execute code in the application context.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ytree (PTS)bullseye1.99pl1-2undetermined
bookworm1.99pl1-2.1undetermined
sid, trixie1.99pl1-2.2undetermined

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ytreesource(unstable)undetermined

Notes

https://www.exploit-db.com/exploits/39406
Search for package or bug name: Reporting problems